More Browser Hacking: What
All This Means for Computer Security
Some Internet servers are protected by an Intrusion
Detection System (IDS) that detects attempts to look in sensitive
directories such as cgi-bin, /etc or /bin. An IDS will record
the Internet address from which you accessed this directory.
If the systems administrator using the IDS is paranoid, he or
she might ask your online service to kick you off. Yes, your
online service will be able to tell it was you who was doing
this browser hacking.
Your solution is to MAKE FRIENDS WITH TECH SUPPORT at your
online service. If you use some giant company such as AOL, MSN
or Earthlink, this is impossible because there are too many people
and they usually work about a thousand miles from your home.
Your best bet is to look in the Yellow Pages of your phone book
for small local online services. If they are willing to make
friends with you, and understand that you are purely interested
in knowledge, sign up with them and your troubles are over. That's
what I (Carolyn Meinel) do.
Why doesn't every web site let your browser see and download
all sorts of goodies that aren't on the official web site? Stuff
like passwords and administrative programs and documents? As
you have surely seen, a bad attitude person can do a lot of harm
with some of the things you have learned in this Guide.
The answer is, you can get away with these stunts whenever
systems administrators haven't used decent Web server and file
transfer protocol programs, or they may have configured them
wrongly. While researching this Guide, I was amazed to discover
that some organizations that pride themselves on being experts
at computer security run misconfigured websites. Whoopsie!
That brings us to the best use of this Guide. You can use
these techniques to test your web site for vulnerabilities. See
if you can find any of these problems at Happyhacker.org -- I'll
give you credit in our ezine if you can find something misconfigured.
When you find these problems at other web sites, you can make
the Internet a better place by politely telling the webmasters
or sysadmins about it.
Have a bad day way: "Dude, your web server's all f***ed
up. You sure are a laymer!!!!
Have a nice day way: "While using Google, a search I
ran turned up a link to your customer database. Here's the exact
link (insert here). You might consider installing the latest
version of Apache, which I have found to be far easier to configure.
Or perhaps get a BRICKServer
web appliance, which I use for most of the web sites I administer.
It's as easy to use as falling off a log."
Notice that in the "nice day way" I don't tell the
administrator he or she is a dummy. Anyone can make a mistake,
especially if they are stuck because of some management decision
with running a web server that isn't very easy to configure,
or that is inherently insecure. Apache has the advantage of being
free from Apache.org.
BRICKServer is, in my humble opinion, the most secure and easy
to administer server for web, email and file transfers, but some
outfits can't afford it.
Generally the best email address for sending warnings of insecurities
is email@example.com (substitute the real web site name for
victim.com). Or if you figured out who the sysadmins are by viewing
the password file, you can amaze them by emailing them at their
user name addresses.
I've made friends by alerting people to their security problems.
Just be careful not to make them think you are looking for a
job or consulting contract, because that can make a bad impression.
If they discover that someone has broken in using a weakness
you told them about, some people could jump to the conclusion
that you did it in order to get money from them. So if you are
careful to make it clear that you don't want money, you can avoid
nastiness and make friends.
This is a Guide devoted to *legal* hacking! If anyone plans
to use any information in this Guide to commit crime, check out
to find out what happens to bad hacker girlz and boyz.
You are welcome to join our chat groups at http://happyhacker.org/jirc/
Clown Princess and author of this Guide to (mostly) Harmless
Hacking: Carolyn Meinel,