Search results

  1. Jan

    Suspended Altron Nexus execs to face disciplinary hearings

    And if the accused are found innocent? (to borrow legalese for short-hand... more accurately: if the suspended individuals under investigation are found not to have violated company policy?)
  2. Jan

    Woman who drove off with traffic cop on the bonnet of her car arrested, faces trial

    Woman who drove off with traffic cop on top of her car arrested, faces trial The woman who drove with a Gauteng Traffic Police officer on the bonnet of her car was arrested for resisting arrest and reckless driving. This is according to a statement from the Gauteng Department of Community...
  3. Jan

    The big South African IP address heist

    I'll follow the white rabbit, @Neo_X. Tell Morpheus I'm looking for him too.
  4. Jan

    The big South African IP address heist

    Please send those to me, if you don't mind?
  5. Jan

    "How I hacked DStv" - Security researcher

    This is a very interesting discussion, as always. Thank you! I can't disagree with your analogy, except to say that maybe it is going to be necessary to think differently about information security than physical security. A question to your question: How does the discovery, testing, and...
  6. Jan

    "How I hacked DStv" - Security researcher

    Yes and if MultiChoice had a proper bug bounty and contacts for professional security researchers on its website, things could have gone differently too... Agree to disagree on the first part of the sentence. Maybe in future when companies take information security more seriously this will be...
  7. Jan

    "How I hacked DStv" - Security researcher

    Your analogy assumes that the keys are being stored near the doors they unlock, or that the doors/windows weren't secured at all. That is not the case here. Yep, I get that. We're all entitled to an opinion, otherwise these threads would be boring.
  8. Jan

    "How I hacked DStv" - Security researcher

    Disagree on the minimum. You could also argue that it's just being thorough, so that when you report the issue you don't overstate the threat. MultiChoice didn't exactly react with speed to address the vulnerability, even when the threat was made clear. How much worse would it be if you don't...
  9. Jan

    "How I hacked DStv" - Security researcher

    These analogies are strawmen, though. This is more like the keys being hidden in an obscure location, but they've got some kind of magical beacon attached that can be searched for if you know how. This beacon also gives some hints as to where to look for a gate or door that might fit the key...
  10. Jan

    "How I hacked DStv" - Security researcher

    That's a useful (and interesting) perspective, thanks. Something I just want to make clear: Bright is the real deal. Just because the first time we've interviewed him in a context like this happens to be a "soft" hack shouldn't reflect on his skills at all. I didn't want to spend a paragraph...
  11. Jan

    "How I hacked DStv" - Security researcher

    That's a disingenuous argument and you know it. You don't have to invent a novel technique to say you've hacked someone. He found passwords *and* knew what they were for. I accept that some people won't consider that hacking, but there's no need to strawman this.
  12. Jan

    "How I hacked DStv" - Security researcher

    Thanks for the input. Also love Bleeping Computer. I would argue that this lies somewhere in the middle of that spectrum. While this was the similar kind of carelessness that causes millions of people's private data to be exposed when a database is left unsecured, the story is not the exposed...
  13. Jan

    "How I hacked DStv" - Security researcher

    A lot of Google Dorking comes down to exploiting configuration errors. In this case, the directory on the web server was probably exposed as a basic website. Here's an example: https://azaforum.com/download/ To get results like this you would search something like `allintitle:index of`...
  14. Jan

    "How I hacked DStv" - Security researcher

    It's not like they posted the creds onto their website, though. Anyway... I'm not here to argue semantics. I posted a question and you gave an answer — thanks!
  15. Jan

    "How I hacked DStv" - Security researcher

    I'm not sure I can say anything without making Bright's life difficult. <-- Except this. He certainly tested the credentials to make sure it was an actual threat, if that's what you mean. Further down the article he makes clear that he was able to access live SuperSport systems with the creds.
  16. Jan

    "How I hacked DStv" - Security researcher

    Despite my better judgement, I'll take the bait: None of the comments in this thread or Disqus caused the headline change. Under what circumstances would you consider a serious security breach a "hack"? How hard must you have worked for the password? If I call a company and convince the person...
  17. Jan

    $11-million fraud charge for Sandton businessman

    I honestly just used the iframe Facebook itself provides when you click on "Embed" in the video's menu. I can't reproduce the error at all. This is the code they give: <iframe...
  18. Jan

    $11-million fraud charge for Sandton businessman

    Yikes. That's quite a headline. All that wouldn't even fit in a tweet!
  19. Jan

    $11-million fraud charge for Sandton businessman

    That's a Facebook video. You have Facebook blocked, don't you? :laugh: