Vivendi, the comeback!
Hackable servers, unreachable managers...
Zebank and Atos are among the Top 10 dotcoms quoted by Kitetoa.com. Now comes the time of... Vivendi. This group had already been exposed here because it left some of its internal documents on its misconfigured public Web sites. At that time, Cegetel (Vivendi) had considered any means of suing us. They did not like us exposing this information. Let us hope that this time, once again, they will understand that we are helping them for free and that they will not sue us.
Vivendi is about to sell Vivendipublishing, its press activity. An enormous affair... We wanted to see what it looked like on the Web. Well... It looks like something so misconfigured and deeply hackable that we are still laughing. One wonders what Jean-Marie Messier is paying his security guys for... Others will see J2M as Machiavellian enough to sell those hackable websites and then return later with his Atari Net Generation (the free computer Vivendi is offering to its staff).
The subject is quite serious. The orders placed on the e-shops are accessible, the sites are hackable, and the admin passwords are hard-coded in the ASP pages and can be viewed in a browser from anywhere on the Net. Free access and total disclosure!
We have far too many screenshots... Jean-Marie Messier wrote a book. The title is: "j6m.com, should we be afraid of the new economy". Did he ever have any clear idea of what a company with an online presence should really fear? If he did, he would be really afraid.
Security is not a CEO's business
The VivendiUniversalpublishing site itself [here is the help page for the site's home page, which makes it possible to manage VivendiUniversalpublishing remotely via an HTML interface], some health-related sites, the publishing companies Dalloz and Dunod: these are all easily hackable servers. The passwords coded where they should not be are generally default passwords. In short, a very good security policy for a company that wants to take the lead on the Net as in the real world. And don't forget that they already had a similar problem... Can't they learn anything?
As usual, we warned the sysadmins by e-mail. But this time, we wanted to know to what extent the general managers of a huge group would take an interest in (would want to get involved in?) a series of serious problems on its network of servers. We thus proposed in our mail to meet Eric Licoys, one of Jean-Marie Messier's right-hand men, so that we could lay out the problems. We, of course, proposed that tech guys be present. Bad luck: Eric Licoys is a very important person. He's got too many appointments. No way to meet him.
Even though we told the guys at Vivendi that we would only disclose the names of the hackable servers to him. The discussion lasted for one week with four different people at Vivendi. But no way. This shows, in our humble opinion, how much companies and managers don't give a shit about security. We can only urge them to read, or read again, Hell's r00ts, which is no longer a novel, but reality.
The other interesting thing is to see that certain men are unreachable. Did the guys at Vivendi wonder whether we were as tied up by our jobs as their bosses? Did anybody wonder whether offering an appointment to give away, for free, half a day to the IP technology losers could be a problem for us???
In addition, we had chosen Eric Licoys because we had a means of getting in touch with him by phone very quickly. It then turned out to be funny to see which is easier for reaching him: being an anonymous guy or having a good "network" in real life. The answer is: you'd better know someone close to those guys if you want to talk to them.
Let's come to a conclusion...
If companies' data is their wealth, if their image is a significant component of the evolution of their stock price, then the owners of Vivendi have not assessed the effects that an intelligent attack on their servers could have. An attack aiming at recovering the contents of the databases and at modifying (in an intelligent way) the information disseminated by the subsidiary companies through sites of the group... What, for example, would be the effect of a press release announcing that the results of the group will be much worse than forecast, a few days before the official release of the numbers? One could earn a lot of bucks on the stock markets...
Dear investors and pension funds: from now on, you know how much the stock price of VivendiUniversal could be exposed to large erratic fluctuations, and what answer the managers give to this type of problem.