Oops hacked website

If it's a UK-based company, personally I'd screenshot etc. then e-mail the ICO. Private companies rarely self-report to the ICO and get away with this stuff constantly.
 
People sometimes share their whole hard drive on the web,
I've forgotten how I did it now but I've browsed through a few.

Kazaa?
I can't remember the name but one of the early file sharing programmes would let you do that very easily by mistake if you were not careful (IIRC it let you tick which directories to share, including the root directories).
 
I hope you get something. I'd have been tempted to copy a few choice files. I wouldn't do anything with them, just keep them for when I tell people the story.

Let us know.
 
Next thing I'm in their entire customer list, from there accounts, orders, turnover, reseller price breaks, tax payments, stock, production runs etc etc

The fact that all of that is accessible at all via the website is awful! Claim your reward if they decide to give you anything and then report them - You would have thought companies would have learnt to sort out their architecture and security in the last few years....
 
Entirely depends how big the company is MowyTone, many of the small and medium sized ones don't see IT security as any form of priority and at best get someone in once every 5 years to glance over it, I'm not even talking about penetration testing, literally a glance over systems and a nod.

Larger companies aren't much better, truth is they only learn after they've been hacked a majority of the time, but usually hackers are in a system for an average 210 days before being detected (according to SpiderLabs).
 
Well I had a reply....

Basically it said 'thanks, we knew about the problem as we were moving servers'

I replied, 'oh, I guess no reward then ;-)'

It's strange as soon as I had the reply the webserver was taken down... grrrrr
 
Well I had a reply....

Basically it said 'thanks, we knew about the problem as we were moving servers'

I replied, 'oh, I guess no reward then ;-)'

It's strange as soon as I had the reply the webserver was taken down... grrrrr

I would have thought you were a cheeky so and so and that reply would have guaranteed no reward
 
I'm very surprised they were aware of the problem but chose to just leave it and hope!
Also asking for a reward would be the number one way not to get one as far as I'm concerned.
 
Well I had a reply....

Basically it said 'thanks, we knew about the problem as we were moving servers'

I replied, 'oh, I guess no reward then ;-)'

It's strange as soon as I had the reply the webserver was taken down... grrrrr

Surely the appropriate reply would be:

"Oh, that's cool then, I'm sure the ICO will take that into account" :p
 
Well I had a reply....

Basically it said 'thanks, we knew about the problem as we were moving servers'

Sounds like a professional outlet! There is no way private company details should ever find their way to being publicly accessible.

Did you contact the info in the whois by any chance? Should have gone to the ceo! :)
 
I'm very surprised they were aware of the problem but chose to just leave it and hope!
Also asking for a reward would be the number one way not to get one as far as I'm concerned.

From my experience of internal IT departments it's hardly surprising that security was let slip during a transition, if indeed there is a move taking place. It sounds like an excuse.

That's why I suggested hitting it over to the ICO, it's the only way people learn.
 
I'm very surprised they were aware of the problem but chose to just leave it and hope!
Also asking for a reward would be the number one way not to get one as far as I'm concerned.

Indeed, I don't see why honesty should be conditional on receiving something in return for it.
 
Indeed, I don't see why honesty should be conditional on receiving something in return for it.

I don't see it as being conditional really - otherwise the OP would have been more like "there's something wrong with your website, but I won't tell you what unless you give me something for it"

He freely gave them the information, and it would have been nice for them to recognise that, and show their appreciation for the fact he alternately could have gone straight to ICO, used the info for his own gain, or sold it to the highest bidder for nefarious purposes, any of which could have the potential to cost them far more than a £20 (for the sake of argument) freebie for the OP.
 
People sometimes share their whole hard drive on the web,
I've forgotten how I did it now but I've browsed through a few.

Just reminded me of the first incarnation of Napster. The amount of people that shared entire drives (personal stuff and all!)

Quite fascinating what you can find out.
 