http://www.newsbytes.com/news/01/170392.html

'Happy Hacker' Drops A Bomb On Security Experts
By Brian McWilliams, Newsbytes
CEDAR CREST, NEW MEXICO, U.S.A.,
21 Sep 2001, 3:34 PM CST
[snip]

On Wednesday, the 14,300-strong subscribers to a popular security list known as Vuln-Dev received what may have appeared a rare treat: a message to the list containing source code to a program that gave the user full control of a remote Unix system.

The message, apparently from Carolyn Meinel, a computer security consultant and author of a book called "The Happy Hacker," claimed the code exploited a vulnerability in the latest version of WU-FTPD, a file transfer program used by many sites around the world. A copy of the code, wu261.c, was also available at Meinel's site, techbroker.com.

But as some Vuln-Dev readers, many of whom are system administrators for businesses, painfully learned, the program was a Trojan horse, and if compiled and run, could delete most of the files on the user's computer.

[snip]

[Note that Meinel admits her server was hacked again. This time it was hacked while running the Brickserver software she has touted for so long.]


main page ATTRITION feedback