WTF? - Some kind of joke or something? While checking Microsoft Downloads for new stuff, I came across the following listed for Flight Simulator 2000
26 Oct 2001 Flight Simulator 2000 Patch Remove WTC Towers v1.0 115 kb / 2min
clicking the link however takes you to a "sorry not found" page. Whats this?
Was it available? did anyone download it? or is it just a plain old Microsoft booboo. Let us know.
UPDATE: The patch is now downloadable, from us.. MS have not updated it yet as of this posting.
News source: Microsoft Downloads Web
Download: Remove WTC Towers v1.0 Thanks to Willywonka, for finding the download
26 Oct 2001 Flight Simulator 2000 Patch Remove WTC Towers v1.0 115 kb / 2min
clicking the link however takes you to a "sorry not found" page. Whats this?
Was it available? did anyone download it? or is it just a plain old Microsoft booboo. Let us know.
UPDATE: The patch is now downloadable, from us.. MS have not updated it yet as of this posting.
News source: Microsoft Downloads Web Download: Remove WTC Towers v1.0 Thanks to Willywonka, for finding the download
Further investigation revealed postings to online bulletin boards regarding the incident. According to WhiteHat Security CEO and founder Jeremiah Grossman, 'site' hackers often accumulate cracked accounts. One such account obtained by the hackers had Rainman overhead -- meaning it had the ability to edit associated content. Once logged in, all that was needed for editing rights was a group ID and password. Group IDs are exposed in a URL when an attempt is made to access Rainman, making the password the only roadblock to unfettered access.
Apparently, when a hacker was signed into the compromised account, an AOL employee sent an instant message mistaking the individual for a co-worker. With slight of hand and some misdirection, the AOL employee offered up the password to Rainman, as well as the password to his wife's account. In each instance, the login for the AOL account itself was identical to the Rainman password.
The alleged hacker summed up the experience in a bulletin board posting. "I hopped on it the other day and got a message from a coworker telling me about how he uploaded the new version of the economist and found out that he also used 'my' account. To make a long story short...I told him I was locked out of my account and he gave up the password. The next day I figured I could extort the rainman password out of him and I later found out...He also gave me the rainman password for his wifes account who also has rights to those keywords. It turned out that her logon password was also the same as here Rainman password but was bound to a Securid key." (sic)
Reports indicate that a brute force style program dubbed "Rainstorm" may have been used in the attack as well. However, all indications BetaNews has received point to human error as being a principal and deciding factor.
According to Grossman, "AOL and its staff require increased enforcement of security guidelines and policies when it comes to user account security. Whether it be an internal AOL account or a user account. These types of employee disclosure incidents should be allowed to take place. If employee accounts can be compromised through such modest means, what assurances do normal users have that they won't be targeted next?"
He continued on, "Apparently, AOL account passwords, whether belonging to employees and/or users need stricter requirements. Requirements such as, password length and sophistication have been implemented in security for quite some time. Its clear AOL has a big job and should be doing a better job in protecting accounts from this style of attack," said Grossman.
Despite repeated attempts to notify AOL and obtain comment, AOL did not respond by press time.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.