[46919] in North American Network Operators' Group
RE: Korean server security?
daemon@ATHENA.MIT.EDU (Joe Blanchard)
Wed Apr 17 14:33:18 2002
Message-ID: <E9BBE0941932D511934C0002A52CDB4E0127F87B@sj-exchange.wyse.com>
From: Joe Blanchard <jblanchard@wyse.com>
To: "Nanog (E-mail)" <nanog@merit.edu>,
"'brucewms@pacbell.net'" <brucewms@pacbell.net>
Date: Wed, 17 Apr 2002 11:24:37 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C1E63D.21B41C90"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C1E63D.21B41C90
Content-Type: text/plain
Looks like someone actually hacked their main server, and not the one that
was the
target. Anyone that signed up for the contest got an email something like
the following:
>Regards,
>
>
> We should all respect the fact that Korea Digital Works is very
brave for releasing
>their products to the public like this, and openly inviting all hackers, to
find any possible exploits.
> One has to keep in mind that no matter how many preventions you take,
there will always
>potentially be a way to hack the system. Anyway, the contest server was
only simulation,
>not a real world environment, and you have to ask yourself "who will have a
webserver running
>with this small amount of services activated". No body. The real world
environment provided
>in this contest was not the simulation server at all, it was the overall
contest in general.
>
> This is why we decided to take the contest to the next level. We
chose to skip the
>games and festivals, and go straight to the main server (where you
registered for the
>contest). By taking this step, we achieve a real time environment with a
system that has
>many services running, just like many other web servers. We also gain
access to the server
>that contains all of the entries for the contest that is taking place, thus
granting us the
>ability to manipulate those entries to our liking (keep in mind your prize
money relies on
>your registration entry).
Theres more, but didn't want to pollute the list with to much off topic ASC.
-Joe
------_=_NextPart_001_01C1E63D.21B41C90
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: Korean server security?</TITLE>
</HEAD>
<BODY>
<BR>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Looks like someone =
actually hacked their main server, and not the one that was the</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">target. Anyone that =
signed up for the contest got an email something like the =
following:</FONT>
</P>
<BR>
<BR>
<BR>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>Regards,</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">> We should all =
respect the fact that Korea Digital Works is very brave for releasing =
</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>their products =
to the public like this, and openly inviting all hackers, to find any =
possible exploits.</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">> One has to =
keep in mind that no matter how many preventions you take, there will =
always </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>potentially be =
a way to hack the system. Anyway, the contest server was only =
simulation, </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>not a real =
world environment, and you have to ask yourself "who will have a =
webserver running </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>with this small =
amount of services activated". No body. The real world environment =
provided </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>in this contest =
was not the simulation server at all, it was the overall contest in =
general.</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">></FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">> This is why we =
decided to take the contest to the next level. We chose to skip the =
</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>games and =
festivals, and go straight to the main server (where you registered for =
the </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>contest). By =
taking this step, we achieve a real time environment with a system that =
has </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>many services =
running, just like many other web servers. We also gain access to the =
server </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>that contains =
all of the entries for the contest that is taking place, thus granting =
us the </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>ability to =
manipulate those entries to our liking (keep in mind your prize =
money relies on </FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">>your =
registration entry). </FONT>
</P>
<BR>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Theres more, but =
didn't want to pollute the list with to much off topic ASC.</FONT>
</P>
<P><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">-Joe</FONT>
</P>
<BR>
<BR>
</BODY>
</HTML>
------_=_NextPart_001_01C1E63D.21B41C90--
