Twitter XSS Worm writer Mikeey gets hacked (seclists.org)
52 points by janitha on April 17, 2009 | 10 comments

Summary: he stored all his passwords (for servers, Gmail, Skype, AIM, etc.) in allinfo.txt on his web server.

Was it because his passwords were so long and complicated that he couldn't remember them? Irony.

You'd think that a self-professed hacker would know about password safes.

This happens to me sometimes; I think that no one will think to open this file or think about its content.

Two mistakes he made: 1) the file name is easy to guess; 2) he allowed file listing on his server.

I asked the guy who did this what the entry point was:

The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password...

Cool, that's why it's called HACKER news here :)

Wow. Street justice does not fool around.

Well, there is no way to confirm if the post is really true. But it sure is funny as hell.

Advice to Mike: read up on a little project called GNU Privacy Guard.

Same issue here. I have a ton of my usernames and passwords for services, but I can't confirm if they are true.

I wonder what I should do? Oh yeah, it's called logging on with them.

Karma's a bitch, isn't it?

