Australian Police Database Lacked Root Password 214
Concerned Citizen writes "The Australian Federal Police database has been hacked, although 'hacked' might be too strong a word for what happens when someone gains access to a MySQL database with no root password. Can you be charged with breaking and entering a house that has the door left wide open? Maybe digital trespassing is a better term for this situation. 'These dipshits are using an automatic digital forensics and incident response tool,' the hacker wrote. 'All of this [hacking] had been done within 30-40 minutes. Could of [sic] been faster if I didn't stop to laugh so much.'"
a legit hack (Score:5, Insightful)
They broke out of a honeypot, discovered the available services on a private network, then found and exploited s service that was misconfigured.
Believe it or not, most hacks don't involve writing custom exploit code. They just require some work and the sense to know what you're looking for.
Comment removed (Score:5, Insightful)
Re:It's still breaking and entering (Score:5, Insightful)
I should hope that the law is literal. "Don't be so literal" is not the kind of argument you want to hear from the prosecution at any phase of a trial. Especially sentencing. Assault and Battery are sure as damn different things, and separably chargeable.
Re:Brag about it and get snapped! (Score:5, Insightful)
Well, they would say that, wouldn't they?
In seeing this from the dark side... (Score:4, Insightful)
That's a little like saying "Can someone be charged with stealing a bike if it was just sitting up against the front of the store while the owner was inside the store.."
Just because there wasn't a safeguard in place (supreme dumbasses? Why yes!) it isn't a valid legal argument (at least in the states) to plead ignorance to the
effect that you still stole the bike, even if there was no lock securing it..
It might be an interesting place to live if everything could be played with/used/stolen
as long as it wasn't secured..
As always, I may know nothing about anything, ever - and don't smoke crack.
Re:a legit hack (Score:4, Insightful)
And? A hack doesn't have to be "hard" to be a hack. As the word is popularly used today, breaking into a computer through nonobvious (to the average person) means is hacking.
TERRIBLE analogy (Score:3, Insightful)
Let's get a better analogy:
"If you broke a window (pun intended), entered the house, saw safe on the floor, turned the handle and it was unlocked, would you be breaking and entering?"
Re:mmmm........ (Score:5, Insightful)
Incompetence? You're right; employees typically aren't fired for that, but causing major embarrassment is always grounds for termination.
Re:mmmm........ (Score:5, Insightful)
Government employees are always fired when their actions (or inaction) embarrass their political masters
Fixed that for you :)
Re:no injection necessary (Score:2, Insightful)
Re:a legit hack (Score:3, Insightful)
By your definition, visiting the FTP server I found running on your PC is hacking. Last month I opened a browser and typed "ftp://ftp.mozilla.org/" to look for an older version of Firefox. I didn't know if such a thing existed, I was just guessing. This is probably hacking, too.
Re:mmmm........ (Score:5, Insightful)
It most sure as hell IS NOT the person that should be fired.
Re:mmmm........ (Score:4, Insightful)
Is president of the United States considered a government employee? Cuz... that totally messes up your comment if so.
Re:Even if unlocked still breaking and entering (Score:2, Insightful)
How can I know the felony is worth it if I can't look at his porn stash first!
Re:mmmm........ (Score:3, Insightful)
I hear the call of he who shall not be named... Lord Mandels... *guurk*
Re:mmmm........ (Score:1, Insightful)
The president is a figurehead or scapegoat for those that are truly in charge. You wouldn't fire your scapegoat unless you really had to.