Lamo denies $300,000 database hack

Lamo denies $300,000 database hack
Kevin Poulsen, SecurityFocus 2003-09-10

Days before going public with his penetration of the New York Times internal network last year, hacker Adrian Lamo created five new user accounts with the LexisNexis database service under the Times corporate account, which he used to rack up $300,000 in charges over the following three months, a federal complaint in New York charges.

Expand all | Post comment

Lamo denies $300,000 ego-surfing spree 2003-09-10
Anonymous

Lamo 2003-09-11
Anonymous (1 replies)

Easy target 2003-09-11
Anonymous

Lamo the polishing rag. 2003-09-11
Got Worm?

Lamo denies $300,000 ego-surfing spree 2003-09-11
Anonymous (1 replies)

Lamo denies $300,000 ego-surfing spree 2003-09-12
Anonymous

Lamo denies $300,000 database spree 2003-09-11
Anonymous (1 replies)

Is Maurice Clarett 2003-09-11
Anonymous

Of course he should be tried 2003-09-11
drg (3 replies)

Of course he should be tried 2003-09-11
The 420 Zodiac (1 replies)

Of course he should be tried 2003-09-12
Wckd (1 replies)

Of course he should be tried 2003-09-12
Anonymous (2 replies)

Of course he should be tried 2003-09-14
Anonymous

Of course he should be tried 2003-09-18
Anonymous

I havn't seen a listing of exactly what information he provides to companies he exploits, but since he seems to be doing it to boost sales of his services (hence the offer to help fix the problems) he should be keeping detailed logs of exactly what he does to get in so he can show that to the customer. Part of fixing the security problems is instructing the admins how not to make the same mistakes. Correcting the failed policies, and reviewing all other policies to weed out and fix problems that exist but were not touched on the initial penetration.

get over your thousands of man hours of work and pay attention to the details and the misconfigured proxies/firewalls/gateways.... won't be an issue. Allowing you to follow up on the exploitable applications you have available to the public to use.

Takes 1 hour to properly configure somthing in the first place, takes 1 week to document how someone exploited the improper configuration and gained access to your network. Which is a better use of your time?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6934/22391#22391

Of course he should be tried - Enough analogies! 2003-09-12
Anonymous (1 replies)

Of course he should be tried - Enough analogies! 2003-09-13
Jagdwulfe (2 replies)

Of course he should be tried - Enough analogies! 2003-09-15
Anonymous

Of course he should be tried - Enough analogies! 2003-09-17
Anonymous

Of course he should be tried 2003-09-15
Anonymous (1 replies)

Of course he should be tried 2003-09-21
Anonymous

Lamo denies $300,000 database hack 2003-09-11
Anonymous (1 replies)

Lamo denies $300,000 database hack 2003-09-11
Anonymous

Lamo denies $300,000 database hack 2003-09-11
Mike (2 replies)

Lamo denies $300,000 database hack 2003-09-11
Anonymous