Security threats Toolkit
Story: Tsunami 'hacker' is innocent, say readers
Posted by: Richard Pettigrew (Wednesday 12 October 2005, 8:13 PM)
If, as reported he tried the ol' /../../ trick, then he was obviously testing to see if the web server was vulnerable to this well documented flaw of allowing root access via a specific url sent to it.
This type of "attack" can reveal pertinent info on the security of the web server, but is generally used to gather info for further attacks. Was this his motive or not?
That said, only he really knows his motives for doing this, and hopefully did not lie in court or to the police. Everyone else's comments on this are irrelevant anyway. Are we now re-trying him via public opinion?
Full Talkback thread
Story: Tsunami 'hacker' is innocent, say readers
-
What happens if someone put that URL up as a link... Anonymous -
I often alter URLs to try to navigate badly design... Anonymous
-
So how do you check if a website is genuine o... Alan -
The situation has arisen due to the wordings of th... Praveen Dalal
-
It is unclear to me and, no doubt, most other... Noh W Jose
-
Having read this, it is even more Bolleux than I t... Steve B
-
How ludicrous that an act as simple as trying... Anonymous
-
If, as reported he tried the ol' /../../... Richard Pettigrew -
does that mean people think i can test their house... danny carr
-
Was this hacking or just 'acking? If you go for a... Writtroam
-
The ruling is unfair and I will go with the majori... Vinod Patel
-
Posting a website is an invitation to enter. It i... Anonymous
-
I not a security speaclist, or judge. However you... Anonymous
-
This is like a house breaker accidentally set... Fujikid
