[OWASP-Bangalore] Mid-Day Website : Hackable --

Vinod Duggirala Naga nagavinod at gmail.com
Fri Jul 30 20:06:26 EDT 2010


Hi,

I am just following this mail thread, but I could not work out to whom in
that organisation this information has been passed.
Is he/she the right person to whom we have passed the message? In general,
regular IT people may not understand the implications of it unless
someone explains to them what exactly goes wrong and how vulnerable they are.

In today's newspaper there was a message about the Facebook database hack.
At the same time, the owners of the same mentioned to the public that anyway the
information which was hacked from the DB is already public information.
Maybe in the background they are working on the same.

In this context, I have an idea. I have had this for a long time but didn't
execute it in full strength.

Some of the security folks have to gather together, maybe even from the OWASP
Bangalore Chapter. Speaking openly, we cannot stop all the attackers and at
the same time we cannot go and inform each and every vulnerable site
owner. We need to plan for different types of public information security
awareness programs in a non-commercial mode. As of now, in my mind, I thought
we need to have 3 different types of awareness program:
1. The general public community who are all exposed to computers and computer-based
transactions. This will make them aware in the context of "what all
attacks can happen and how much attention and care can be taken by an
individual". This will be more in non-technical terms.
2. Developers and web site owners, etc. This will have a deeper level of
awareness of what all the different attacks are, how to handle them using
different open source programs, and why to handle them.
3. Students. This is more or less like No. 2, but the main objective for this
community is to create motivation towards security and to get the
force to re-create the same when they enter the IT industry.

I know this requires commitment and some background work. If a minimum of 5-6
people are interested, we can put initial things together and work on it.

As of now, please provide some comments from your experience about these
sorts of awareness programs. Based on the comments we can start a mail thread
to discuss this topic. :-)

Regards,
Vinod Duggirala
+91 9886196477

On Fri, Jul 30, 2010 at 9:30 PM, <owasp-bangalore-request at lists.owasp.org> wrote:

> Message: 1
> Date: Thu, 29 Jul 2010 16:40:36 +0530
> From: sadara <sadara at cisco.com>
> Subject: Re: [OWASP-Bangalore] Fwd: Mid-Day Website : Hackable --
> To: <owasp-bangalore at lists.owasp.org>
> Message-ID: <C8775F84.A53%sadara at cisco.com>
> Content-Type: text/plain;       charset="US-ASCII"
>
> Folks,
>
> Why don't we make a website and publish them?
> I mean not the flaws, just that some website has so-and-so problem.
> I know bad guys would try to exploit it, but at least it would bring
> pressure on the website owners to close those holes.
>
> Regards
> Sashank
>
>
> On 28/07/10 7:29 PM, "chintan dave" <davechintan at gmail.com> wrote:
>
> > There are tons and tons of websites vulnerable.
> >
> > If people don't care, what is the point of making a ruckus about it on the
> > group?
> > It's a decision they are taking - "not to fix". As long as someone is
> > understanding the risk and ready to live with that risk, it's good
> > enough :)
> >
> > On Sat, Jul 24, 2010 at 9:00 PM, Raxit Sheth <raxitsheth2000 at gmail.com> wrote:
> >> Hey
> >>
> >> Can anyone having top-level contacts forward it? Its home page is open.
> >> I found this from LinkedIn, but none were keen to listen.
> >>
> >> As it is still open, I don't think it is wise to publish details; however, you
> >> can try, it's very easy, it will take just 2 min.
> >>
> >> Raxit Sheth
> >>
> >> ---------- Forwarded message ----------
> >> From: <snipped>
> >> Date: Sat, Jul 24, 2010 at 2:25 PM
> >> Subject: Re: Mid-Day Website : Hackable --
> >> To: Raxit Sheth <raxitsheth2000 at gmail.com>
> >>
> >>
> >> I don't care
> >>
> >> On 24 Jul 2010 11:37, "Raxit Sheth" <raxitsheth2000 at gmail.com> wrote:
> >>
> >> Hello
> >>
> >>
> >> Looks like the Mid-day website is easily hackable.
> >> Please ask someone who is managing the Mid-day website to contact me on
> >> 98922 38248.
> >>
> >>
> >> Raxit Sheth
> >>
> >>
> >>
> >> _______________________________________________
> >> OWASP-Bangalore mailing list
> >> OWASP-Bangalore at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> >>
> >>
> >
> >
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 29 Jul 2010 11:23:36 +0000
> From: "Bipin Upadhyay" <muxical.geek at gmail.com>
> Subject: Re: [OWASP-Bangalore] Fwd: Mid-Day Website : Hackable --
> To: owasp-bangalore at lists.owasp.org
> Message-ID: <1658315001-1280402617-cardhu_decombobulator_blackberry.rim.net-1621536997- at bda2265.bisx.produk.on.blackberry>
>
> Content-Type: text/plain; charset="Windows-1252"
>
> It's not actually.
> If end-users are in trouble due to an administrator's negligence, it's
> discretionary to disclose. That's the essence of full-disclosure.
> In any case, Raxit's been fairly responsible by not disclosing the details
> yet.
>
> My $0.02 (sorry, don't have Rupee symbol on my BB yet)
>
> -Bipin.
>
> sent from my pwnedBerry
>
> -----Original Message-----
> From: chintan dave <davechintan at gmail.com>
> Sender: owasp-bangalore-bounces at lists.owasp.org
> Date: Wed, 28 Jul 2010 19:29:44
> To: <owasp-bangalore at lists.owasp.org>
> Reply-To: owasp-bangalore at lists.owasp.org
> Subject: Re: [OWASP-Bangalore] Fwd: Mid-Day Website : Hackable --
>
> There are tons and tons of websites vulnerable.
>
> If people don't care, what is the point of making a ruckus about it on the
> group?
> It's a decision they are taking - "not to fix". As long as someone is
> understanding the risk and ready to live with that risk, it's good
> enough :)
>
> --
> Regards,
> Chintan Dave,
>
> LinkedIn: http://in.linkedin.com/in/chintandave
> Blog:http://www.chintandave.com
>
> ------------------------------
>
> Message: 3
> Date: Fri, 30 Jul 2010 10:17:49 +0530
> From: "Soi, Dhruv" <dhruv.soi at owasp.org>
> Subject: Re: [OWASP-Bangalore] Fwd: Mid-Day Website : Hackable --
> To: <owasp-bangalore at lists.owasp.org>,  <owasp-mumbai at lists.owasp.org>
> Message-ID: <4c52597a.0503970a.3ac6.1319 at mx.google.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Here is something from mid-day: http://www.mid-day.com/postinfo.html ;-)
>
> End of OWASP-Bangalore Digest, Vol 32, Issue 9
> **********************************************
>