According the press reports two hackers hi-jacked the comcast.net domain by breaking into the owners online web-account at Network Solutions. OK, for all those who are still not clear aboute the rules of the game:
1. DO NOT hack anything without written consent
2. DO NOT brag to anyone about your "illegal" hack, including the press.
3. DO NOT get raided by the feds unless you are fully clothed.
Apparently, Defiant has learned his lesson about #3, unfortunately he's still not clear on #1 and #2.
"I slept in my clothes, because the last time they came, I was in my underwear with my dong hanging out and sh*t," Defiant said of a past raid.
nothing worse than getting arrested and not looking good :)
Doesn't "Little Bobby Tables" (http://xkcd.com/327/) live at "69 Dick Tard Lane" (http://chicagoist.com/2008/05/30/comcast_hackers.php)?
Sorry, I could not resist. =)
Best quotes I have seen in quite some time. I wonder how many other people live on Dick Tard Lane.
The "Little Bobby Tables" comic, while humorous, provides somewhat incorrect advice. Although "sanitizing database inputs" is on the right track - the better advice is to instruct the security aware programmer to use parameterized queries with binding of all variables when building a query. "Sanitizing database inputs", which implies input validation, is not nearly enough to protect against SQL Injection.
I would like to know what Jeremiah thinks about this kind of hacks.
Comcast wasn't hacked directly but through another domain. What if comcast had to carry out PCI compliance? They would have probably passed it but they would have been still hackable through third party vulnerabilities. On domains not interested by a pci compliance process. I wrote up my thinking about this here
PCI requires you to check/vouch for the security of your online service providers. In this case it would have or should have included the domain registrar. This will continue to be an attractive target for hackers moving forward.
i like little bobby tables
Post a Comment