Nice of TOMHTML to wrap up the story. For those who want the full story (in French), the source is here: http://3couleurs.blogspot.com/2007/02/netvibes-hacke.html |
sounds like what this guy did is borderline criminal... |
borderline yes, because he published the flaw before alerting the Netvibes team. But if he wanted, I was able *all what he wants*... |
here's the Yahoo cache of the blog
http://216.109.125.130/search/cache?p=http%3A%2F%2Fsecurityweb20.blogspot.com&fr=yfp-t-501&toggle=1&ei=UTF-8&u=www.fuzz.fr/%3Fredir/Comment-j-ai-hack-Netvibes&d=SfOW_exsOPQZ&icp=1&.intl=us |
why the hell do you advertise a criminal? anyway, the story is on Netvibes' own blog, and they say that the security problem has been solved. the guy is just a stupid cracker criminal, without any ethics, and did nothing special, just got some developer data. |
nothing special? Fortunately he alerted Netvibes! If he wasn't there, a 'real' hacker could now do whatever he wants with the site... |
"Fortunately he alerted Netvibes!" Not true. If you read Netvibes' blog entry, you can read that (s)he didn't! It was just in a blog entry, caught by the Netvibes people.
And again, if you read the blog entry, you can read that no general personal data was got. Just a developer's database, full of test data... The guy "hacked" a development system, not Netvibes.com! |