ThinkDigit Site Hacked

Status
Not open for further replies.

FilledVoid

Who stole my Alpaca!
I must say good work. Definitely will keep the slackers in the Development Firm on their toes :). However, what tuxfan said is true.

Section 43(a) : Penalty for damage to computer, computer system, etc.- If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,- accesses or secures access to such computer, computer system or computer network downloads, copies or extracts any data, computer data base information from such computer, computer system or computer network including information or data held or stored in any removable storage medium.

Under the IT Act you need not prove intent to become liable. On the contrary everyone appreciates efforts taken by white-hat hackers which demonstrate flaws in their software / network as rohan did.
 

Ecko

Wandering In Tecno Land
GR8 Job
Though I'm a little late at congratz :D
Keep Going
Someone hack Indian Army Website They Consider IT Engineers not as Engineers (Personal Grudge :D)
 

phreak0ut

The Thread Killer >:)
Good job. Did you get the exploit from somewhere or did you write the exploit yourself? oh, by the way, why don't you put this news as an Announcement? :D
 

victor_rambo

हॉर्न ओके प्लीज़
Good job. Did you get the exploit from somewhere or did you write the exploit yourself? oh, by the way, why don't you put this news as an Announcement? :D
Every decent PHP programmer is aware of the exploit. Can't reveal anything more.
 

victor_rambo

हॉर्न ओके प्लीज़
It's such a simple exploit?? seriously??? Then, why didn't the admins patch the site?
It was not that simple. An UNEXPECTED variation was used. The routine method failed to work. Ofcourse, all these info is useless until I disclose some other details, which I am not :D gonna do.

What I actually suspect to be the reason for this exploit being successful is something else, but I still cannot justify to myself so as why the coder must have used that method.
 
Last edited:

tuxfan

Technomancer
Thanks for your concern mate. But I know the loopholes which I am obviously not discussing out here :D

And yeah, in the Court of Law, Intention DOES matter. They say:
"If a doctor gives a medicine with an intention to harm the patient, the doctor is a criminal even if the medicine does not cause harm. In the same way, if a doctor gives a poison with the intention of curing the ailment, it is not a crime."

Obviously you have to have something to PROVE your intention, which I already have. ;)

Yup, intention does matter in case of a crime - mens rea - thats what its called. But thats a generic proposition, not law. ;) FilledVoid has pointed out the applicable provision of the IT Act. The key words here are "accesses or secures access". It does not talk about intention. Just gain access and you violate the law. :rolleyes: IMHO, provision needs to be re-worded.

I am glad that it has been taken in the right spirit by Digit. Don't expect everyone to be sensible enough. Be aware of the law before you plunge in hacking other sites as someone suggested here. Ignorance of law is no excuse. :))

OFF TOPIC:
Just a small question on mens rea aka intention. What if I go to a place to kill "A" and accidently kill "B"? I never intended to kill "B"! :))
 

victor_rambo

हॉर्न ओके प्लीज़
Yup, intention does matter in case of a crime - mens rea - thats what its called. But thats a generic proposition, not law. ;) FilledVoid has pointed out the applicable provision of the IT Act. The key words here are "accesses or secures access". It does not talk about intention. Just gain access and you violate the law. :rolleyes: IMHO, provision needs to be re-worded.

I am glad that it has been taken in the right spirit by Digit. Don't expect everyone to be sensible enough. Be aware of the law before you plunge in hacking other sites as someone suggested here. Ignorance of law is no excuse. :))

You have mentioned only one clause. But I have a legal point that will defeat every other clause you say! Now don't expect me to spill the beans here :D

You see, you are aware of the clause, but I am aware of its loopholes :D because i have not disclosed each and every fact related to the case in public. ;)
 

tuxfan

Technomancer
You have mentioned only one clause. But I have a legal point that will defeat every other clause you say! Now don't expect me to spill the beans here :D

You see, you are aware of the clause, but I am aware of its loopholes :D because i have not disclosed each and every fact related to the case in public. ;)

Spill the beans?! Thats called sharing of knowledge! A law is not a secret treaty or map to a treasure :p We tried to enlighten you by showing you something. Now it's your turn to reciprocate ;)

What if I say "you have committed a crime, don't ask how/what/why because I can't spill the beans"!! :))
 

victor_rambo

हॉर्न ओके प्लीज़
Spill the beans?! Thats called sharing of knowledge! A law is not a secret treaty or map to a treasure :p We tried to enlighten you by showing you something. Now it's your turn to reciprocate ;)

What if I say "you have committed a crime, don't ask how/what/why because I can't spill the beans"!! :))
lol.........bachhe ki jaan le lego kya........:D
 

Ecko

Wandering In Tecno Land
Thanks.
Looks like u are an Army Officer :D

Are yaar ye profile pic galti se meri statement ke saath match ho gayi
I'm not a ARMY OFFICER neither I want my next 7 generation to be part of it :D
I know they are excellent,brainy,courageous & possess qualities unmatched but let them do their job & let us do ours :)(Pun Intended) :D
I'm changing it now :)

ONTopic :If U Are you holding lectures for SQL Javascript Injection do adjust me 2 :rolleyes: ;)
 

victor_rambo

हॉर्न ओके प्लीज़
Are yaar ye profile pic galti se meri statement ke saath match ho gayi
I'm not a ARMY OFFICER neither I want my next 7 generation to be part of it :D
I know they are excellent,brainy,courageous & possess qualities unmatched but let them do their job & let us do ours :)(Pun Intended) :D
:oops:

ONTopic :If U Are you holding lectures for SQL Javascript Injection do adjust me 2 :rolleyes: ;)
:rolleyes:
 

Ecko

Wandering In Tecno Land
Yaar U must have got excited(on hacking)happy(after posting here)cheerful(after reading comments)& last but not the least irritated(replying to all) :D
 

tuxfan

Technomancer
Rohan, did you miss my post? I just wonder why you are not willing to discuss legal provision about hacking after actually hacking?

If you wish, I can try and get opinion of Mr. Krishna Dhamapurkar, Investigation Office, Cyber Crime Cell at Mumbai or his boss Mr. M. Pawar, Inspector, In-charge of Cyber Crime Cell at Mumbai. May be I can call up or email a link of this thread with a request to post their opinions.
 
Status
Not open for further replies.
Top Bottom