Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Slashdot: Yup, Somebody Cracked Slashdot

Sep 29, 2000, 15:12 (0 Talkback[s])
(Other stories by Rob Malda)

"So last night a couple of guys (Nohican && {}) Cracked in to Slashdot. As they say, the weakest link in any security system is human: on one of our test boxes, we had a "Clean" copy of Slashcode installed, with default data... including the temp admin password (God/Pete). It didn't take much after that to get into Slashdot itself..."

"What a great way to wake up! I went to bed at about 10 last night, completely exhausted (stuff unrelated to Slashdot stressing me out). I guess the upside is that I had a good nights sleep: the downside is I still haven't had a morning cup of coffee ;)"

"Allright, so by using the 31337 haxx0r tool known as "Common Sense", {} and Nohican managed to get a Slashcode test site's administrative access (this isn't a root shell or anything: its only a series of web forms used to post stories, and configure various parts of the site). This was our biggest mistake: the password (God/Pete) was never changed on the test site. From there, it was a cake walk."

Complete Story

Related Stories: