Korean server security?

Wed Apr 17 18:24:37 UTC 2002

Looks like someone actually hacked their main server, and not the one that
was the
target. Anyone that signed up for the contest got an email something like
the following:

>Regards,
>
>
>	We should all respect the fact that Korea Digital Works is very
brave for releasing 
>their products to the public like this, and openly inviting all hackers, to
find any possible exploits.
> One has to keep in mind that no matter how many preventions you take,
there will always 
>potentially be a way to hack the system. Anyway, the contest server was
only simulation, 
>not a real world environment, and you have to ask yourself "who will have a
webserver running 
>with this small amount of services activated". No body. The real world
environment provided 
>in this contest was not the simulation server at all, it was the overall
contest in general.
>
>	This is why we decided to take the contest to the next level. We
chose to skip the 
>games and festivals, and go straight to the main server (where you
registered for the 
>contest). By taking this step, we achieve a real time environment with a
system that has 
>many services running, just like many other web servers. We also gain
access to the server 
>that contains all of the entries for the contest that is taking place, thus
granting us the 
>ability to manipulate those entries to our liking  (keep in mind your prize
money relies on 
>your registration entry). 

Theres more, but didn't want to pollute the list with to much off topic ASC.

-Joe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020417/c45c9837/attachment.html>