RE: Korean server security?

[Joe Blanchard <jblanchard () wyse com>]

Looks like someone actually hacked their main server, and not the one that
was the
target. Anyone that signed up for the contest got an email something like
the following:




> Regards,
>
>
>       We should all respect the fact that Korea Digital Works is very
brave for releasing 
> their products to the public like this, and openly inviting all hackers, to
find any possible exploits.
> One has to keep in mind that no matter how many preventions you take,
there will always 
> potentially be a way to hack the system. Anyway, the contest server was
only simulation, 
> not a real world environment, and you have to ask yourself "who will have a
webserver running 
> with this small amount of services activated". No body. The real world
environment provided 
> in this contest was not the simulation server at all, it was the overall
contest in general.
>       This is why we decided to take the contest to the next level. We
chose to skip the 
> games and festivals, and go straight to the main server (where you
registered for the 
> contest). By taking this step, we achieve a real time environment with a
system that has 
> many services running, just like many other web servers. We also gain
access to the server 
> that contains all of the entries for the contest that is taking place, thus
granting us the 
> ability to manipulate those entries to our liking  (keep in mind your prize
money relies on 
> your registration entry). 


Theres more, but didn't want to pollute the list with to much off topic ASC.

-Joe