[governance] Actually hacking the United Nations

Vittorio Bertola vb at bertola.eu.org
Sat Oct 21 07:13:34 EDT 2006


This is just to warn the list that the Web-form-based content management 
system for IGF workshop descriptions is quite insecure. I've hacked it 
without even thinking of doing it - just by reading the instructions, 
you can imagine a number of different ways to do it, and I'm too curious 
not to try.

Workshop organizers should perhaps back up any relevant information 
while Markus (who's just got an email with all details) gets the bug 
fixed. I guess they didn't imagine that anyone would want to mess it up, 
and possibly no one will actually do so, but you shouldn't put 
authentication forms on the Internet if they don't authenticate...

Apologies to Karen Banks and Matthew Shears - you'll find my test 
greetings in your workshop descriptions.
-- 
vb.             [Vittorio Bertola - v.bertola [a] bertola.eu.org]<-----
http://bertola.eu.org/  <- Prima o poi...
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list