The point is that I Googled my way into some serious system integrity information of some random website, just looking for example table layouts -
which means that the pages, links, and identity information required to access these pages
were all on Google.
If I am able to successfully do that to the LeagueOfReason, then it means that anyone with actual ill-intent can just flip around on our website and fuck our world sideways.
Do you think I'm announcing this for self-attention? Really?
If I didn't manage to get anything:
1) Nothing happens.
2) This becomes a fun conversation about SQL and Database Structuring for my Certification that I'm studying for.
3) We hate Google for their web-crawling programs somehow automatically putting a website's behind-the-scenes information online.
If I did manage to get something:
1) I would have held database queries to the LeagueOfReason
2) Database Queries -> Exploitation -> Personal Information Risk -> A serious change in Network Structure & a serious note to Google.
3) Nobody could hush over the fact that I
did manage to get them
from Google - something that would mean that everyone should change their passwords because they were obtainable by people with less-than-noble means.
4) We hate Google for their web-crawling programs somehow automatically putting a website's behind-the-scenes information online.
And it's not like I would be holding a list of Usernames and Passwords -
I would be holding the logical pathway to them.
Which means that someone with less moral standing and a bit of Query knowledge could just make an account, hop on over to a post on the message board, comment out a few areas (if that's how it was structured) and input anything they wanted and obtain anything they wanted and displayed to them.
Also note that I stated that I would not publish the tables - ergo, no one can get this information by just reading my posts.
WarK wrote:Yay, go the nephilimfree way, read some wikis and google for some stuff and you're an expert over night.
I'm not sure about you, but food doesn't poof itself into existence, last I checked. The Military may be paying for college after I get out - but when it comes to my line of work there turns out to be not that many job openings for my current trade out there.
Computers and Networks are logical - I can do logical.
WarK wrote:You come here and make this topic, don't you think it's a bit silly, or illegal even?
I don't know. Is a citizen of the United States bound by the laws of Her Majesty's jurisdiction?
Besides, this was just a courtesy notification to everyone - I can't, with good conscience, do this without a public notification of both the test and the outcome.
Think about it like this:
Would you want the ability to access your passwords, PMs, and other privileged information available on Google?
WarK wrote:If you want to playaround get a VirtualBox, install a server, run some phpBB or something like that and play with it. Don't go on a public forum and try to hack it.
You completely missed the point.
I'm not doing this for lulz or anything beneficial (well, it's also a bit beneficial to know that Google can publish your website's database queries - and that it's automated system will publish it regardless) to myself.
Google = Public Access
Public Access = ER'RY BODY
Besides, is it really "hacking" if it's currently public access? I guess I hack Facebook every day when I magically type in a box and it appears on my News Feed.
-------------------------------------------------------------
Results are not final - but nothing has been found so far.
A few more table ideas, though.
========================================================
And I really don't appreciate the joke.
Some would insinuate that being drunk at 9 in the morning to be signs of serious issues.
Me? I'd insinuate it as signs of no plans and a refrigerator full of Whiskey and Guinness.