'Happy Hacker' Drops A Bomb On Security Experts
By Brian McWilliams, Newsbytes
21 Sep 2001, 3:34 PM CST

On Wednesday, the 14,300-strong subscribers to a popular security list known as Vuln-Dev received what may have appeared a rare treat: a message to the list containing source code to a program that gave the user full control of a remote Unix system.

The message, apparently from Carolyn Meinel, a computer security consultant and author of a book called "The Happy Hacker," claimed the code exploited a vulnerability in the latest version of WU-FTPD, a file transfer program used by many sites around the world. A copy of the code, wu261.c, was also available at Meinel's site,

But as some Vuln-Dev readers, many of whom are system administrators for businesses, painfully learned, the program was a Trojan horse, and if compiled and run, could delete most of the files on the user's computer.


[Note that Meinel admits her server was hacked again. This time it was hacked while running the Brickserver software she has touted for so long.]

main page ATTRITION feedback