Kevin Poulsen, SecurityFocus 2003-12-19
A Cincinnati man who plead guilty Thursday to cracking and cloning giant consumer databases was only caught because he helped out a friend in the hacker community.
Colapse all |
Post comment
Chats led to Acxiom hacker bust
2003-12-20
bl0rf (1 replies)
bl0rf (1 replies)
Wow! Acxiom must have some pretty good emploees working for them if their time costs 2.4 mil$, they must have some great cars if they travel for 200000$ and they probably hate security if they were FORCED to spend 1.3mil$ for encryption ( could have used open source, but they just HAD to get the mos...
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-27
Alu
Alu
Acxiom claimed $1.3 million in security audits and encryption upgrades after the bust. This is something they should have done BEFORE security was compromised. The root password on the ftp server was sitting in a world-readable file. There's no excuse for that.
And as for the $200,000 in travel e...
[ more ] [ reply ]
And as for the $200,000 in travel e...
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-23
Anonymous (5 replies)
Anonymous (5 replies)
"At some point, while poking around on that server, he found an unprotected file containing encrypted passwords."
And Acxiom avoids all responsibility? This information should have been locked away in a safe heavily encrypted. Not left on an internal FTP server available to contractors and employ...
[ more ] [ reply ]
And Acxiom avoids all responsibility? This information should have been locked away in a safe heavily encrypted. Not left on an internal FTP server available to contractors and employ...
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-25
Anonymous
Anonymous
I'm not trying to defend Acxiom, who are cetainly open to criticism here, but your observation is utterly without merit. As you should know, any normal FTP server (assuming it was UNIX) will have its account passwords in an encrypted form on the server itself. If you're advocating Kerberos, say so. ...
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom CRACKER bust
2003-12-26
Anonymous
Anonymous
regardless... he broke the law. although i agree that whomever put the encrypted pw file on an ftp server should be ashamed and also beaten for his/her sins.. people like the net admin of this company are the reasons why CRACKERS have an easy time reaking havok.. these two were run of the mill slac...
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-26
Chris
Chris
Of course there should be something said about it. But be realistic about who the courts can blame. It wasn't worth it to fight that in court, that's like saying that the security panel on a bank was too close to the gate, and the robber could reach it with a stick, and disable the security alarm....
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-27
Lefhalas
Lefhalas
Whatever the outcome. This guy has made a name for himself. Most choose not to do anything because they are afraid of the consequences. He knew the risk, he knew what he had, gambled and lost. This happens often enough. The only way to win in the long run is not to play and thus remain unknown....
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-25
Anonymous
Anonymous
Over a million for new encryption and security software may be reasonable if it includes deployment costs but . . . isn't there a regulatory agency which would be interested in learning why they weren't already using this?
I'm pretty sure there'd be some hard questions if a bank tried to get a r...
[ more ] [ reply ]
I'm pretty sure there'd be some hard questions if a bank tried to get a r...
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-25
Anonymous (1 replies)
Anonymous (1 replies)
How does this company factor "the need for better encryption" into this man's sentancing? It's not like they need better encryption because of him. They need better encryption TO PROTECT THEIR CUSTOMER'S DATA. The fact that he stole this data doesn't make protecting it any LESS Acxiom's responsib...
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-27
Anonymous
Anonymous
The person in charge of network security should have been fired.
It was simply dumbin f*ckin luck that Mr Tuttle was caught for doing his evil deeds elsewhere. Otherwise, the company wouldn't have a clue.
In fact I bet you 1^10000000000 to 1 they still don't have a clue about network security....
[ more ] [ reply ]
It was simply dumbin f*ckin luck that Mr Tuttle was caught for doing his evil deeds elsewhere. Otherwise, the company wouldn't have a clue.
In fact I bet you 1^10000000000 to 1 they still don't have a clue about network security....
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-28
madclikr
madclikr
Why didn't Anxciom detect what he was doing from the recorded logs on the server? They spend all that money on implementing security on something that could have been prevented. He was going to that kind of info gathering, then he should have kept it ot himself or not do it all....
[ more ] [ reply ]
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-29
P (1 replies)
P (1 replies)
So what exactly is the "threshold that would require consumer notification"? I know California has a law, but what about the States/Countries that don't have laws -- what is the threshold to be ethical? Is the California law the measuring stick?
In my opinion, the threshold was crossed -- Acxio...
[ more ] [ reply ]
In my opinion, the threshold was crossed -- Acxio...
[ more ] [ reply ]
Chats led to Acxiom hacker bust
2003-12-29
Lefhalas
Lefhalas
Proud dimwit he shall stand forever. What does he really deserve? Send him to jail? Fine him one and a half million? I would just send him to his mother's house. Have a party celebrating the accompliments of their poorly intelligenced child. Spankings and pillory have really fallen out of fash...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]