Freelancers Network
 
skill list top cap
Homepage
Join the Freelancer's Network
Update your details
Find a freelancer
Post a project
Find a project
Projects Archive
Post a job
Find a job
Jobs Archive
See Dan's Pages
See Andy's Pages
Link to this site
Resources
Join/Leave Forum
Forum Messages
+Additions+ Adverts
Advertising
Contact Us
Subscribe to our newsletter - enter your email address and hit return
Freelancers.net is owned and operated by Andy Stowell and Dan Winchester
skill list end cap
guru web hostcom

Find me again on Freelancers.net

Re: FN-FORUM: hack a site

date posted 6th January 2004 16:32

Thanks Dave, for the extensive email and the interesting info.
I'll go see what I can do with the info on those sites.

The user and pass should be pretty secure as they are a dynamcally
generated mixture of letters and numbers.

It's definatly not https though which is something that needs looking at.

regards,

Darren Yates
[EMAIL REMOVED]
http://dittodesign.co.uk
http://www.how-to-make-money-online.info
0776 235 5879

----- Original Message -----
From: "David Turner" [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Tuesday, January 06, 2004 4:56 PM
Subject: RE: FN-FORUM: hack a site


>
> Hi Darren
>
> Hacking:
>
> If you want to get into this sort of malarky, you could try
> www.searchlores.org which is deliberately difficult to navigate, but has
> loads of interesting stuff, if you stick with it. It is not explicitly
about
> hacking, it sees itself as being about gathering information, so there are
> lots of search engines hacks n tips etc. There are links to tools, that
you
> could use for hacking on this site. www.2600.org is also an interesting
> website, where you can learn quite a lot of interesting stuff, although
> again you will need to do your own research to apply it.
>
> If you want to jump straight into it, then you could join some script
kiddie
> IRC channel or other, and say things like gr8 and l8r - I think I am too
old
> to be a script kiddie now. :-(
>
> Is your website secure:
>
> Is your login page on a http page? if yes, then the password and username
> are transmitted across the internet unencoded. If someone was scanning for
> passwords they might trap a valid password/ username combination. There
are
> script kiddie tools, which you can set up to scan for this on the
internet.
> You should better to put it on a https page. Same thing for your sensitive
> data, is the sensitive data displayed using http? if yes, then it is being
> transmitted across the internet for anyone to see.
>
> There are numerous password/ username dictionary attacks, which you could
> download and try a brute force entry onto your website. Which brings us
> nicely onto what will undoubtably be the weakest area of your website,
which
> is... your users. No matter how secure your site is, if they choose admin
> and as a username/ password pairing, you are stuffed.
>
> I would recommend buying a book about web/ computer security, it is a
> massive subject.
>
> Finally if they want to be completely secure dont connect sensitive data
to
> the internet. Having said that if you know the risks, it is usually worth
> it.
>
> hth
>
>
>
>
>
>
>
> david.
>
> -----Original Message-----
> From: [EMAIL REMOVED] [EMAIL REMOVED] Behalf Of
> [EMAIL REMOVED]
> Sent: 06 January 2004 14:36
> To: FN-FORUM / [EMAIL REMOVED]
> Subject: FN-FORUM: hack a site
>
>
>
> Afternoon all,
>
> Interesting little project here for anybody that way inclined.
>
> I have a client going live with a new web based client management system.
> They are concerned about security via the login page. Simple username
> and password setup.
>
> Probably a long shot but anybody on the forum interested in trying to hack
> the site email me off list and I'll pass on the details.
>
> Failing that where can I pick up some dodgy hack software to have a go
> myself.
>
> regards,
>
> Darren Yates
> [EMAIL REMOVED]
> http://dittodesign.co.uk
> http://www.how-to-make-money-online.info
>
>
>
> --
> ** Get all the Freelance Work you Can Handle *
> The Web Design Business Kit will show you proven tactics
> and strategies for marketing your business, winning bids,
> managing projects and pricing your work. Free Shipping Worldwide.
> Read more & get free chapters at:
http://www.sitepoint.com/launch/b7c91e/3/4
>
> To advertise here: http://www.freelancers.net/advertising.html
>
>
> --
> ** Get all the Freelance Work you Can Handle *
> The Web Design Business Kit will show you proven tactics
> and strategies for marketing your business, winning bids,
> managing projects and pricing your work. Free Shipping Worldwide.
> Read more & get free chapters at:
http://www.sitepoint.com/launch/b7c91e/3/4
>
> To advertise here: http://www.freelancers.net/advertising.html
>
>



Messages by Day
January 31st 2004
January 30th 2004
January 29th 2004
January 28th 2004
January 27th 2004
January 26th 2004
January 25th 2004
January 24th 2004
January 23rd 2004
January 22nd 2004
January 21st 2004
January 20th 2004
January 19th 2004
January 18th 2004
January 17th 2004
January 16th 2004
January 15th 2004
January 14th 2004
January 13th 2004
January 12th 2004
January 11th 2004
January 10th 2004
January 9th 2004
January 8th 2004
January 7th 2004
January 6th 2004
January 5th 2004
January 4th 2004
January 3rd 2004
January 2nd 2004
January 1st 2004


Messages by Month
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004


Messages by Year
2008
2007
2006
2005
2004
2003
2002
2001
2000