SUSPECT: Re: Swiki cracked

Doug Way dway at riskmetrics.com
Fri Oct 17 14:41:03 UTC 2003


Andreas Raab wrote:

>Nope. Actually this attack didn't even break into the Swiki. The guy used
>existing, unlocked pages which were linked from the front page. Since the
>links are updated when the referenced page title changes this results in a
>screw-up of the front page, too.

Right, this guy didn't need any password to do this damage.  So we don't 
really have any defense against this sort of defacement unless we also 
lock the second-level pages with a password, or have a password for the 
whole swiki.

By the way, the password for the top swiki page is (and always has been) 
"squeak".  I'm pretty sure it's safe to post here, as anyone likely to 
deface the swiki is not going to be following this list.

I just fixed the "News" (renamed to "Fucked up") page by creating a new 
"News" page (linked from the top page) and copying the text from the 
history of the other one.  Someone else should probably fix the 
Screenshots page as well.

>You can see this if you look at the history of the edited pages (I just
>restored the history of Squeak page).

(Er, which one is the "Squeak" page that you restored?)

- Doug


>Cheers,
>  - Andreas
>>-----Original Message-----
>>From: squeak-dev-bounces at lists.squeakfoundation.org 
>>[mailto:squeak-dev-bounces at lists.squeakfoundation.org] On 
>>Behalf Of Aaron J Reichow
>>Sent: Thursday, October 16, 2003 2:54 PM
>>To: The general-purpose Squeak developers list
>>Subject: Re: Swiki cracked
>>
>>
>>Was the server actually cracked, or did someone just edit the pages and
>>lock them?  It looks to be the former to me.  Were those pages locked,
>>and this person cracked the password?  Was it just a word?  Or, were those
>>pages totally open, and this schmuck just waltzed in?
>>
>>I imagine most of the pages are as they were, but there appear to be at
>>least a handful needing fixing.
>>
>>Regards,
>>Aaron
>>
>>--
>>"a system based on exchanging products inevitably channels wealth to a few, and
>>   no governmental change will ever be able to correct that."
>> ::  daniel quinn
>>
>>
>>On Thu, 16 Oct 2003, Daniel Altman wrote:
>>
>>>Hi, the swiki has been cracked.
>>>
>>>Take a look at http://minnow.cc.gatech.edu/squeak and
>>>http://minnow.cc.gatech.edu/squeak/2726 for example.
>>>
>>>======================================
>>>Daniel Altman
>>>Buenos Aires, Argentina
>>>



