Australian democracy stubbornly fails to teeter on the brink of collapse this morning, after a bunch of script-kiddies mistakenly published a backup copy of a public Website in the delusional belief that they’d achieved yet another stunning coup in the “anti-sec” campaign. Anonymous’s self-aggrandizing but ultimately risible …
lol these guys get worse by the day. It's true that there are a couple of high level hackers that jump on the ship as and when they feel like it. And it's true that they do have some older leaders who guide the sheep in the general direction of proper mischief. But most of the time it's a bunch of noobs running exploit searching software against every site they possibly can and hoping they find one with a vulnerability.
Anyone could download the same software and hit hundreds of sites until they also find one which is vulnerable and use the same software to break in through that vuln. Your average heavy internet user could manage this without breaking a sweat. No hacking skills needed. Then you just have to come up with some story about why you attacked that site so you don't seem like a noob that's just looking for any random unsecured server.
We are clueless
We are anonymous!!!
none of us
is as dumb as all of us
Not as easy as you might think, unless the security is really appalling...
I don't know what steps the Mosman Council have taken to secure their site, but as a standard measure, I only run MySQL/PostgreSQL on localhost, meaning anything wishing to connect to it must run from the same box, I change the user permissions of each dbuser to only allow them to perform the required actions rather than the full list of actions they can carry out, I give them a randomized name and password to stop them from being guessed, and I regularly check my CMS and other software for security updates. You wouldn't be able to get direct access to one of my SQL databases from an external box unless you managed some form of SQL injection, and even then you wouldn't be able to grab the full site and all its files, just the DB and its content.
In order to pull off a complete sitedump, they'd need FTP details, and I suspect that the database username and password is probably the same as the FTP and CMS logon as people don't like lots of different passwords. Sounds to me like some sort of PHP/SQL exploit which revealed the admin logon. Facepalm ;)
Not so much hacking skill as extremely lax security. The choice of target still puzzles me though, not exactly cia.gov is it?
"Not so much hacking skill as extremely lax security. The choice of target still puzzles me though, not exactly cia.gov is it?"
Think of it as a training exercise - no point in starting with the big boys.
"you have purchased a set of tools, would sir like a test drive?"
It's the only thing I can think of - but going public?
It sounds more like script kiddies pretending to be Anonymous
"It sounds more like script kiddies pretending to be Anonymous"
Well, yes, but that's exactly what Anonymous is, isn't it. It's not some actual group with actual members.
Did you use the wrong pseudonym and forget that this wasn't The Inquirer?
They most likely did this in protest to Mosman Council's placement of expensive parking meters in every single car park it owns, as well as street parking meters on every parking spot on every street they have.
I wish it was brought down.
OK - someone with a computer objects so let's smash things up a lot
A bunch of people stand up publicly and ask other people to vote for them. The ones that get voted for to do stuff on behalf of their community do so by taking decisions in public which can be challenged through appeals processes and judicial processes (again - in public and accountable). If the people that get voted for take decisions that piss off their community they can be not voted for next time round.
Now, in the real world we all know that there's lots of stuff that makes this elected representative system less than perfect.
However, whatever its flaws, replacing it with a bunch of anonymous, unaccountables who may or may not have any actual connection to the community affected has got to be about the dumbest suggestion I have ever seen from a commentard on these boards.
And as any regular knows, the standard around here isn't exactly high.
...to possibly 99 point something percent of the population, using wget IS hacking, surely?
At least that's the impression I've gotten when using it in the presence of just about anyone. Christ, if I was using dig or whois they'd probably think I was fit to be extremely rendered all the way to the US of A!
Working for a web hosting company, we regularly get people with static sites who want to move over but either don't know how to use ftp or don't have their details.
Took me a while to realise that casually saying "oh I'll grab you a copy of your site, it'll take a couple of minutes & save you the time" gets filtered through their brains as "I am h4xx0r, hear me roar!"
We Are Anonymous
We Do Not Forgive
We Do Not Wget
Pushing back the boundaries of blagging?
Several decades ago, a politician by the name of Ronald Reagan had an interesting trick. He would visit the local coal merchant in the city he represented, borrow a loaded coal truck and drive it about the town, stopping frequently to explain that he was "Taking coal to the Poor". After an hour or two, he'd return the full coal-truck back to the depot, having failed to offload any of it to any poor people. He had, however, convinced a number of local rubes that he was a magnanimous, generous man of the people.
I reckon Anonymous or LulzSec or whichever bunch of knuckle-dragging script kiddies it is this time are doing something like old Ronnie's trick: Make a lot of noise that sounds vaguely hacking-like, and claim to be 'leet hackers. They have however forgotten the cardinal rule of such blagging: Do Not Let The Deception Be Discovered.
From this we can conclude that they're a bunch of complete and utter muppets. If any of this crew of fools is reading this, then perhaps you are feeling aggrieved by my comments; the truth often hurts. If you want to get your own back, I have a lot of content at: warez.bofh.org.uk
Just saying, like.
Let's hope that none of them read the Inq :S
Simple rule here Richard... If it is not newsworthy, don't print it.
That particular council
In the 2nd richest area of Sydney is the most cluefree of any in the entire area. Lived under their "spell" for 3.5 years, their website is a hapless dumping morass of useless, out of date information.
No story as the truth is a drug in Mosman. Just ask on the corner near the Greek restaurant off of the high street if you have any doubts!
You know about wget? Who authorised that?
Burn da hackkker!
Has Marrickville Council's website been similarly hacked !!!!
huh ? anonymous must have struck again !!
It's saying on the Marrickville Council website, the Green party run council wants to:
Boycott the use of goods and services originating from Israel (at a cost to ratepayers of $4million)
Publicly mark all shops and businesses in the municipality that do any business with the Jewish state until they agree with the anti-Israel sanctions policy.
::: Joke Spoiler :::
For non-Aussies: It ain't a joke.
They withdrew support for the GBDS on 20th April?
Not that I had even heard of Marrickville, what with living approximately on the other side of the planet. However, after a quick Googling I found a little document you might want to read:
http://www.marrickville.nsw.gov.au/BridgeDownload/MR.+COUNCIL+WITHDRAWS+FROM+GBDS.PDF?s=1942604687,docID=24720.11 (Warning: PDF)