|
Hacking
|
View this Thread in Original format
| Lagrangian |
I ran a script and screened my work's site and found various vulnerabilities pertaining to their homepage; enough to break in successfully and exploit them. It makes me wonder who ing built this Half-arsed website?
I'm very concerned for my company and I feel the need to monitor closely in order to plan ahead in case the company is facing some serious downturns; I suspect their finances might've encountered tremendous headwinds last year, with many stakeholders not receiving their fair share. Knowing well how secretive the financial world is, I figure it's the only way to gather the truth. Perhaps even use this as leverage to take greater responsibility for the firm by knowing their weaknesses first hand.
So, what do you guys think? Is there any chance of me coming out of this as an ethical agent of change? |
|
|
| Spacey Orange |
| i think you should buy low, sell high, collect early and pay late. |
|
|
| Lagrangian |
| The moon'ing was unintentional. |
|
|
| ziptnf |
| Before going to your manager or boss and saying "yeah, I hacked the system and found these vulnerabilities", it would be useful to gather every single piece of information on the vulnerabilities into some sort of presentation or document to use to show them how to better protect themselves on a security level and a financial level. The second they hear you say "I hacked", you're ing fired. It would be better to use the phrase "I ran some tests/scripts" or "I analyzed the security level of our systems" to find the issues. Discuss the possibility for immediate fixes as well as long term goals for a more secure site. That way, they will look at you as an asset going forward rather than a troublemaker. |
|
|
| Dykes_on_Jay |
| i can do a triple nipploe ollie. |
|
|
| ziptnf |
| Sounds like you're an asset to me, Jay. Just don't tell your students. |
|
|
| Looney4Clooney |
There are basic tools available to the most erudite users to scan a website and pull every single item that isn't protected even if you don't have any actual links. Even a simple tool like sitesucker, something many people use to make webpages available offline can find things you did not intend people to see.
In your situation, unless you are part of the IT department or your script was logged and might raise questions that make you look like you were not doing it for good , I would not tell a soul. I would not count on using it as leverage if your actions violate their computer usage rules you probably signed. |
|
|
| srussell0018 |
You should definitely tell them you "hacked" their website and demand to be promoted to head of IT security.
Make sure you sign your email “I am Anonymous. I am Legion. I do not forgive. I do not forget. Expect me.” In fact, put that in your email signature right now. |
|
|
| ziptnf |
| quote: | Originally posted by Looney4Clooney
In your situation, unless you are part of the IT department or your script was logged and might raise questions that make you look like you were not doing it for good , I would not tell a soul. I would not count on using it as leverage if your actions violate their computer usage rules you probably signed. |
But what happens when they trace your IP address to your machine name and find out that you did it without telling anybody? Then you're definitely fired. |
|
|
| itsamemario |
What you did was a penetration test. And since you had no malintent it's technically a grey hack. Had you had permission, it would have been a white hack.
Basically, you'll be this guy. |
|
|
| srussell0018 |
| quote: | Originally posted by itsamemario
penetration test. |
:gsmile: |
|
|
| justin |
| Is langraria in like outthere space or something. That's pretty cool name. I'm from theda da-da. |
|
|
|
|
