193.252.122.103
Linux
Apache
No surprises there then. I guess they didn't patch the latest LAMP holes.
Personal data describing 1.3 million customers of Orange France has been stolen in the second hack to hit the telco this year. Hackers made off with subscriber names, dates of birth and phone numbers of about 4.9 percent of the telco's subscriber base. The company said hackers accessed data used for its email and SMS …
Seriously ?
ping www.orange.fr
PING d.hpc.gtm.fti.net (193.252.122.103
What makes you think hacking a front page of a company gives insight or access to such details?
If I have a Linux machine that hosts my site and then I have actual complex systems that store user phone details outside of the box hosting the website
how would LAMP holes have any form of implication on such an attack....
Surely such an attack would comprise the actual box hosting the site and show information related on this box
telnet 193.252.122.103 80
Trying 193.252.122.103...
Connected to 193.252.122.103.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Thu, 08 May 2014 09:01:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
Infact how can you be even sure it is LAMP ? it is Linux Apache
can you please confirm where you got Mysql Php from before we proceed to take these comments seriously !
Further more if you click a link it appears as aspx
Maybe it was that underlying crusty IIS Windoze stuff that was not patched ... so unless you have full details of the comprise no point in making such wild accusations
LAMP has had recent holes in Apache, and Linux has holes regularly, so for the statement made to be true doesnt also require PHP or MySQL to be used. However the whole LAMP stack is indeed in use:
http://assistance.orange.fr/accueil-mobile.php
https://www.linkedin.com/pub/quentin-bezat/5/5b/691
"Web Developer - PHP / MySQL / JavaScript - looking for Orange.fr on the search engine's display"
QED.
> so for the statement made to be true doesnt [sic] also require PHP or MySQL to be used.
OMG, you're killing me here. "LAMP has holes" != "Apache/Linux has holes". You specified issues with a LAMP stack, so it does require MySQL and PHP in your argument. Otherwise it's not a LAMP stack, is it?
And you suppose that because they advertise for a job on PHP/MySQL (no L or A mentioned in your post at least) that this means all of their internet facing machines run LAMP, and that's how the hackers got in? That's already been dis-proven.
Great detection skills...
It said: "I guess they didn't patch the latest LAMP holes."
The latest holes were apparently in Linux and Apache. So regardless of if they are actually running the whole stack that statement could be correct.
But they ARE running the whole stack, which makes you an idiot for such pointless pedantry.
"because they advertise for a job on PHP/MySQL"
I take it you didn't bother actually reading the link - that's what the guy says he has ACTUALLY been doing - and it names the website - and it specifically says they have 20 LAMP servers in the farm.