11 comments

[ 2.7 ms ] story [ 18.8 ms ] thread
Wow. Street justice does not fool around.
Those are some pretty damn good passwords, too. Just goes to show a good password doesn't mean everything.
Summary: he stored all his passwords (for servers, Gmail, Skype, AIM, etc.) in allinfo.txt on his web server.
Was it because his passwords were so long and complicated that he couldn't remember them? Irony.
this happen with me sometimes, i think that no one will think of this file to open or think of its content.

Two mistakes he made 1- the file name is easy to guess 2- he allowed file listening in his server

I asked the guy who did this what the entry point was,

The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password...

Cool, that's why it's called HACKER news here :)
You'd think that a self-professed hacker would know about password safes.
Well, there is no way to confirm if the post is really true. Put it sure is funny as hell.

Advice to mike, read up on a little project called Gnu Privacy Guard.

Same issue here. I have a ton of my usernames and passwords for services, but I can't confirm if they are true.

I wonder what I should do? Oh yeah, it's called logging on with them.