Sunday, December 29, 2013

Hacker took over BBC server, tried to 'sell' access to other cyber criminals


Soulranger – little boy where are you?
Your prescribed method of security - password access security – you see, another website got hacked.

Compromising a server that managed the obscure password-protected website ---- sounds like this compromised server is a Directory Service server that manages the user IDs and passwords for access to the website. Could be an LDAP server for a Linux or Unix web server, or an AD server for a Windows IIS web server?

Root admin of the server compromised?

Once the hacker takes over the root admin of the Directory Service, he can reset the passwords of all the users' user IDs or issue them new passwords, so that the owners of the respective user IDs can no longer log in with their old passwords and have to pay the hacker to reset their passwords and grant them access.

If not, it could be a compromised ssh client that manages the Linux web server, or the rdp service that manages the IIS Windows web server.
Little Soulranger boy - any opinion you want to offer? “The little bird doesn't understand elastic”.
You remember your own buzzwords - "Why do you keep yakking on 'confidentiality'?"
You should change your name from "Soulranger" to "DangerSoul".


I think the hacker will do an account lockout rather than resetting the password - so that when the account is locked out, even supplying the right password will give no access to the website - until the hacker unlocks the account.
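Both scenarios above (bulk password resets by a compromised admin, and bulk lockouts) leave the same kind of trace in the directory's audit log: one actor touching many distinct accounts in a short window. The detector below is an added example, not part of the post; it assumes a constructed single-line log format ("timestamp event_id actor=... target=...") using the Windows Security event IDs 4724 (password reset) and 4740 (account lockout), and the threshold and window are arbitrary assumptions.

```python
"""Flag one actor resetting or locking out many distinct accounts in a short window."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs: 4724 = password reset attempt, 4740 = account locked out.
WATCHED = {"4724": "password reset", "4740": "account lockout"}

# Constructed sample log (not a real capture). Format is an assumption of this example:
# "<ISO timestamp> <event_id> actor=<account> target=<account>", in chronological order.
SAMPLE_LOG = """\
2013-12-28T01:50:00 4724 actor=svc_backup target=zed
2013-12-28T02:00:01 4724 actor=svc_backup target=alice
2013-12-28T02:00:04 4724 actor=svc_backup target=bob
2013-12-28T02:00:09 4724 actor=svc_backup target=carol
2013-12-28T02:00:12 4624 actor=alice target=alice
2013-12-28T02:00:15 4740 actor=helpdesk target=dave
2013-12-28T02:00:20 4724 actor=svc_backup target=dave
2013-12-28T02:00:26 4724 actor=svc_backup target=erin
2013-12-28T02:00:31 4724 actor=svc_backup target=frank
2013-12-28T02:01:00 4724 actor=helpdesk target=gina
2013-12-28T02:20:00 4724 actor=helpdesk target=hank
"""


def parse(line):
    """Split one log line into (timestamp, event_id, actor, target)."""
    ts, eid, actor, target = line.split()
    return datetime.fromisoformat(ts), eid, actor.split("=", 1)[1], target.split("=", 1)[1]


def find_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {(actor, event_name): peak distinct targets} for actors that touch
    at least `threshold` distinct accounts within any sliding `window`."""
    recent = defaultdict(deque)   # (actor, event_name) -> deque of (ts, target)
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, eid, actor, target = parse(line)
        if eid not in WATCHED:    # ignore logons and other unrelated events
            continue
        key = (actor, WATCHED[eid])
        q = recent[key]
        q.append((ts, target))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = {t for _, t in q}
        if len(distinct) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for (actor, what), n in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {actor} performed {what} on {n} distinct accounts within 5 minutes")
```

The earlier reset at 01:50 falls outside the window and is not counted, and the single helpdesk lockout stays below the threshold; only the burst from svc_backup is reported.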


I am sure this hacker will probably come up with a catalog of services with pricing attached, e.g.:
(1) Unlock account = $A
(2) Reset password = $B
(3) Assign trust to a container of OU = $C
(4) Assign right & map right to resources = $D
(5) Host a web page with IIS web site = $E
(6) Create new user account = $F
(7) Allocate diskspace to user = $G
etc.

The hacker will have transformed his hacking operation into a business – by asking users to transfer money to his bank account for each catalog service. I am sure users like Soulranger will pay – to store all their documents and data there.

The hacker should post his bank account number on the web page so that users can pay him mah.
Otherwise what does this hacker hack for? For fun?

babe 
The BBC security team should have created a honeypot to let the hacker continue to sell his service without alarming him.

As the hacker does not have physical custody of the server but only remote custody of it, the security team should have quietly de-linked and disconnected the compromised server from the BBC network, continued to let it run standalone, and transformed it into a honeypot - to let the hacker keep control over the compromised server - and let the hacker operate and sell his "prized possession" - until he is tracked and caught red-handed.

Meanwhile, I am sure BBC will have a backup copy of the Directory Service replica and schema in backup storage, or can reconstruct it from replicas on other master or slave servers at other sites, to be restored onto a fresh new server at the compromised site - to operate as the real DS server and continue to serve user access to the Web Service.
Now tracking him is much harder.
