Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Do you want to know how Mitnick got defaced?

Do you want to know how Mitnick got defaced?

by Nikola Strahija on February 12th, 2003 On January 30th 2003, hacker BugBear defaced Mitnick's website at DefensiveThinking.How attacker defafed the site? The attacker simply took advantage from the fact that DefensiveThinking administrator forgot to set up the policies for Frontpage extensions.


To deface Mitnick's site it was enough to go on your windows desktop, create
a new webfolder and name it with www.defensivethinking.com. The lack of
security set to Frontpage allowed the attacker to view the entire
DefensiveThinking websystem as a folder of the attacker windows computer. To
deface the webpage it was enough to create an HTML file with the defacement
message and drag&drop it into the newly created webfolder. As simple as
told.

This configuration mistake allowed the attacker to view, browse, read all
the files in DefensiveThinking's web structure. When Mitnick, interrogated
by friends at The Register stated: "The compromised computer is a public
system on a network separate from production systems at Defensive Thinking.
No customer information was released nor was in danger of being
compromised", we really hope it went in that way.

More on the Permissions Problems with FrontPage Extensions at
http://www.ciac.org/ciac/bulletins/k-048.shtml

Original article: www.zone-h.org


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »