October 31, 2002
Hacking the Information Economy 2

Following up the Hacking the Information Economy-story, an interesting article from Wired turning things upside down:

"Both Intentia and Reuters agree the Reuters reporter obtained Intentia's financial statement directly from Intentia's website." [...]

"I don't see how people are supposed to know what are 'public URLs' vs. 'private URLs' at a website," said security and privacy consultant Richard Smith. "People can't be mind readers."

Interesting... Maybe not a very legal definition; but if the publishing company didn't even bother putting simple password protection on the document before release-time; isn't URL hacking fair play?

The Wired article claimed the URL was hard to guess... Here it is:

http://www.intentia.com/w2000.nsf/(files)/Intentia_02_Q3_us.pdf/$FILE/Intentia_02_Q3_us.pdf

It's say fair play to the journalist from Reuters if he/she has seen similar URLs before (I don't know for a fact, but imagine last quaters' results were available at for example
http://www.intentia.com/w2000.nsf/(files)/Intentia_02_Q2_us.pdf/$FILE/Intentia_02_Q2_us.pdf
http://www.intentia.com/w2000.nsf/(files)/Intentia_02_Q1_us.pdf/$FILE/Intentia_02_Q1_us.pdf

You don't need to be a Mensa member to see a pattern...?

Sponsored links
Related Entries
Comments

As I said on Hoosier Review:

"Dumb, dumb, dumb."

Posted by: Paul on October 31, 2002 04:28 PM

You saw it here first... Now Noregian IT news website digi.no announces the same tactic as above...
http://www.digi.no/dtno.nsf/pub/md20021031125425_okv_40969558

Posted by: andersja on November 1, 2002 11:38 AM
Post a comment
Name:


Email:
(Will not be displayed if you enter a website below. Otherwise, it will be displayed "spam protected")


Website:
(if you have one)


What do you want to say?
(please don't bother posting "spam" (pornography, viagra-sales etc - I will delete such comments anyway))


Remember info?



Referrers to this page
TrackBack URL for this entry:
http://www.jacobsen.no/cgi-sys/cgiwrap/anders/MT/mt-tb.cgi/343
Das E-Business Weblog: Security by Obscurity (December 6, 2002 01:48 AM)
"Der Nachrichtenagentur Reuters wurde vorgeworfen, einige schwedische Unternehmen "gehackt" zu haben um so vorzeitig an Informationen zu gelangen. Nun aber kam heraus, dass sich alle Beteiligten einig sind, dass Reuters die Informationen direkt von der ..."
Das E-Business Weblog: Security by Obscurity (August 14, 2003 07:20 PM)
"Der Nachrichtenagentur Reuters wurde vorgeworfen, einige schwedische Unternehmen "gehackt" zu haben um so vorzeitig an Informationen zu gelangen. Nun aber kam heraus, dass sich alle Beteiligten einig sind, dass Reuters die Informationen direkt von der ..."

3447 visits (2 today, 4 this week)

© Anders Jacobsen
[weblog / photography]