Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
New York Times Internal Network Hacked
Kevin Poulsen, SecurityFocus 2002-02-26

How open proxies and default passwords led to Adrian Lamo padding his rolodex with information on 3,000 op-ed writers, from William F. Buckley Jr. to Jimmy Carter.

Comments Mode:
Good to Hear 2002-02-27
Cold Sunn
It was surprising at first when I read about Lamo and discovered he wasn't being put in jail since that is usually what you hear. But it is good to hear Lamo is appreciated. Thumbs up man....

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-27
Toybreaker
Lamo, nice work and way to keep everything on the up and up. Not many Hackers seem to have his ethics. I am curious if he is given any $$ for exposing these holes to the companies and not telling the world before fixes can be made. If I was head of of NYT I would be more than willing to cut him a fa...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anonymous (3 replies)
What is this?? What is the story here? A network gets "hacked" or more accurately broken into by an attacker that uses a misconfigured proxy. Suprise, suprise internal corporate network security is not exactly what it should be. Stop the presses, we got the scoop of the century! A network with poor...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anonymous
Just a brief comment.

"Lamo notified the Times of the vulnerabilities Tuesday through a reporter, and provided them with a list of the open proxies."

Why does this humble servant of all that is good and super “whitehat” hacker involve a reporter before talking to the NY Times? Is h...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-01
Anonymous
Him being praised or slandered for what he did or didn't do shouldn't be the issue here, unless you're upset that you don't get the same press. The important thing is that someone got into a network and wasn't arrested and dragged through the mud like a lot of others would have been. Hackers need ...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-04
Tod
Anonymous said:

> Script kiddie does not put his tag on the web site

Well, the fact is, he did put his tag in, by inserting his real name in the op-ed db.

According to the report, did pretty much everything a typical criminal attacker does, but for hiding his own identity -- and he traded t...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anonymous (1 replies)
I am pretty sure there must be couple of cissp people

who are the security officers at newyork times ! well this leads to the simple fact that there are people called white hats who are born ethical and do certifications like cissp just to show how clueless they are and how dangerous they are to t...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]>
> I am pretty sure there must be couple of cissp people

> who are the security officers at newyork times ! well this

> leads to the simple fact that there are people called white

> hats who are born ethical and do certifications like cissp

> just to show how clueless they are and how dangero...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Cyberkni (5 replies)
I dont understand why anyone is impressed with Lamo's skills. He is not doing anything particularly amazing. Yes, they are large companies and networks but poorly configured. He has not found some new exploit or security concept. He is just looking for basic holes in large companies. A basic cry for...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anonymous
Then there are those who just complain......

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-03
Anonymous
I think that the issue is that he is so open about it. ...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-03
Anonymous
No, these are not new exploits. And that is the worst part. We have situations where sysadmins are not fully doing their jobs to ensure that their networks are protected. I'm all for this kind of exposure - and if Adrian can make a buck or two helping the companies close the holes he exploits, mo...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-04
Anonymous
Impressed...not so much technically, but I am impressed that he is doing something he enjoys so much that he is willing to do it for free. If he wants to find companies that are not keeping my confidential information private...I say right on. I say what he finds should be in the news every time. ...

[ more ]  [ reply ]
Ok, let's see you do it. 2002-03-04
Anonymous
The post's here seem to be jealous rants, "he's a script kiddie, he just wants attention." I didn't see any mention of scripting tools in the article. This guy seems to be very young and very knowledgeable, so what he does gets on the news, and what you do doesn't. So what? Do you feel inferior?...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anonymous
Great, another so-called "ethical" hacker. Charges should be brought against him by the NYT. This type of story is parallel to a guy running down a street, picking pockets, then running to the local press saying that "People need to be more aware of their belongings, maybe they need buttons on their...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anuska
Perhaps my understanding of current US law is skewed, but isn't this a crime? If you break into somebody's house and then show up to tell them how you did it, it would be a different story. So somebody tell me the difference, cause I don't get it....

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-02-28
Anonymous
You got to be kidding me. The guy is actively breaking into systems and he is being 'encouraged'.

What would happen if I walked into your house and showed the world how easy it was to do it??? Would you be thankfull I showed you the security vulnerabilities in your house and read all your person...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-03
Sum1
Lamo, if you read this.. and i'm willing to bet that you do... good job bro; all these people complaining are all talk - they call you a 'script kiddie' when you've already showed you know what you're doing on numerous occasions...

yes it is true that anyone can use a scanner to see if a server h...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-03
Disgusted (1 replies)
Accessing systems without permission?

Abusing thousands of individuals' privacy rights?

Creating accounts on other people's systems?

Accessing commercially sensitive information?

Visiting victims after the fact and signing NDAs?

Sounds to me like this hero is into extortion.

Lock him up.

...

[ more ]  [ reply ]
How would I feel? 2002-03-19
Ira Wing
I'd say hey, they need better physical security at that location and really need to consider that aspect as well as their data security. More importantly, however, what difference does it make how I feel? If I've been trusted with information I have a responsibility to provide that information wit...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-04
Anonymous
I would think if Lamo had good intentions he would not ever tell anyone but the company about the problems he encountered. The fact that this article exists in Security Focus indicates that he went straight to the media.

Someone mentioned that security professionals with certifications are cluel...

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-04
ananda in jp
Would I be a hero if I find that you have forgotten to close your house window, throw my socks there and tell you about it!!!

I wonder.......

[ more ]  [ reply ]
New York Times Internal Network Hacked 2002-03-04
Anonymous
I simply have one question. If this guy has hacked or cracked "ANY" network that he was not paid to hack, "penetration testing" ?vulnerability testing? then why is he not sitting behind bars in some federal facility? Why is nobody prosecuting him? I happen to be very worried about this type of incid...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus