Doubleclick round 2: unprotected databases
|Well well well...
How do you think DoubleClick officially reacted to our little previous story ?
A good old communication basic.
Unofficially, it seems that researches are done to fully understand what really happened. But beware : everything was OK, and nothing really happened, etc. We're hardly waiting for what they'll invent in their official press release to explain the presence of a backdoor in their servers.
Nothing really happened. Well well well... Hmmm...
Let's look at a server that is not connected in one way or another to the one we talked about yesterday (just kiddin', as we don't know what they'll imagine to assure their customers that everything's fine, we already imagine something like : "our website is corporate, nothing to do with our super-secured production environment"), like abacusonline.doubleclick.net
Abacus... What's that ?
It's one of the most important database regarding american citizens. On this website, Abacusonline's clients can connect and query the database. Let's see how they present themselves :
"ABACUS, a division of DoubleClick, Inc., is a world leader in targeted marketing solutions. By combining transactional data, advanced statistical modeling, and our extensive media reach, we help you target the customers most likely to buy your products or services based on who they are and what they already buy.
The Abacus database of buyer behavior is the largest in the United States. It contains over 3.5 billion transactions from more than 90 million U.S. households and includes geographic, demographic, lifestyle, and behavioral data from consumer, retail, business-to-business, and online markets. We span multiple channels (direct mail, email, market research, and Internet advertising) so you can integrate the most broadly-based yet highly targeted marketing campaigns."
Well well well... And what did we found ? Nothing else than the login and password to connect to abacusonline's database... No fear !
A good old bug discovered at the beginning of last year which everybody can refer to on securityfocus.com. And all those servers without patches. 'cause www.doubleclick.net & www2.doubleclick.net are not patched either...
Do we have to say again that the unicode bug is present, in multiple variants, on several DoubleClick websites ? They say they own more than 1000 servers worlwide... We'll never have the time to check them all. What a pity :)
Malade mental, bis repetita
Jean-Paul Ney condamné
et sur le Net...