
FSF Site Hackable/Crackable

The FSF (Free Software Foundation) website was humor hacked by Z505 Software, and we informed Richard Stallman. If we had not informed him, the site could have undergone further attacks, or may have already undergone attacks by other programmers.

FSF Site Humor Hacked

It is to be noted that Z505 Software only does White Hat hacking (good hacking) and we do not harm sites; rather, we inform them and help them with security problems.

Online Store Hackable/Crackable

A customer gets an email requesting that they go to this page, and they enter their login information for the online web store:



As you can see, it appears there was an error and the user entered a nil email address and therefore the password was also invalidated by the web server. Or at least, that's how it appears to the user.

But the reality is this web page doesn't actually exist on the server, nor was it supposed to. There is no such thing as a "nil" email address. I just made that up. I injected it in there. There is no such thing as an error message that says "type again, it also appears to be invalid". I just made that up. I injected that message into the web page too.

This was the original page which the user was supposed to have arrived on:



This web store has a "Hacker Safe" logo on it, yet I was able to inject my own form into the website where I can retrieve customers' login and password info. Computer Geeks does have good products and is a great store - it just happened to be one of the websites which I decided to hack into to demonstrate why websites need more security.

We also went ahead and sent this humor message to their logs; hopefully they check them:

It is to be noted that Z505 Software only does White Hat hacking (good hacking) and we do not harm sites; rather, we inform them and help them with security problems. We sometimes add a sense of urgency for them to fix the bugs by using humor, because some bugs that we report to vendors/sites do not get repaired quickly enough if we send a formal boring message to them.

© z505.com