Details of the violation of Poste.it

10-12-09


The website of the Italian Post Office, Poste.it, was breached! The author or authors seem to be Italian. Poste.it announced that no user data has been “stolen” from its database, but unfortunately the authors of the defacement wrote a very different message on the website:

“The Italian Post Office has been obscured?
Why this act of force?
To demonstrate to millions of Italians that their sensitive data is not safe!
It seems crazy, but all the security guaranteed in on-line e-commerce is only apparent.
Luckily for you, we are not malicious people, so your data and your accounts have not been touched;
But what if one day someone came with intentions far worse than ours?
With this gesture, therefore, we invite the leaders to address the serious lack of security of the online services of Poste spa.

Mr.Hipo and StutM”

So there are conflicting versions between the authors of the defacement and the statement released by Poste.it.

It is thought that the author of the act released the first information and screenshots at unu1234567.baywords.com. The tool used is called Pangolin and is distributed by nosec.org.

Using this automated tool, the hacker discovered that the database used by Poste.it is Oracle and managed to gain possession of the administrative accounts in the database, as shown in this image.

A video showing the breach of the Poste.it site was also made public.

The Postal Police has launched investigations to trace those responsible.

The starting point of the attack was a page vulnerable to SQL Injection on the subdomain salastampa.poste.it.
The site was unreachable throughout the night; remedial action came only in the morning.

Art. 615-ter of the Penal Code provides:

-Any person who unlawfully breaks into a computer or telematic system protected by security measures, or remains in it against the express or implied will of whoever has the right to exclude him, shall be punished with imprisonment of up to three years.

-The penalty is imprisonment from one to five years:
1) if the act is committed by a public official or an employee of a public service, with abuse of authority or in breach of the duties related to the function or service, or by a person who, even unlawfully, exercises the profession of private investigator, or with abuse of the position of system operator;
2) if the offender uses violence against property or persons to commit the act, or if he is visibly armed;
3) if the act results in the destruction of or damage to the system, or the total or partial interruption of its functioning, or the destruction or corruption of the data, information or programs contained in it.

-Should the acts in the first and second paragraphs relate to computer or telematic systems of military interest, or relating to public order or public safety or health or civil defense, or otherwise of public interest, the penalty is, respectively, imprisonment from one to five years and from three to eight years.

-In the case provided for in the first paragraph, the crime is punishable on complaint by the offended person, otherwise we shall proceed with.

Hackers and ordinary people have said that the attack suffered by the Italian Post Office was fortunate: some comments that appeared on the web say, in brief, that it is an advantage that the bug was exploited for a defacement, because the vulnerability will now definitely be fixed and attackers will not have access to Poste.it customer data.


Published on Monday, October 12th, 2009 at 22:43.

One Response to “Details of the violation of Poste.it”

  1. Thank you! That was very informative, I just bookmarked your url.

    Comment by Hacker o Lamer

(c)2009 Diventare-Hacker.com
- Some rights reserved under Creative Commons -