^^ What isn't mentioned there is HOW they found out what file to use. How did they do it? If you're doing blind subdirectory listing attacks on a webserver, attempting to access info that the server doesn't give up by default when you access a hosted domain name (i.e. http://www.mobitv.com), that's probing. They call it hacking, which it isn't... it's more of a "soft" brute force attempt to poll a server for resources that shouldn't be visible. On that note, there's no mention if a known IIS / Apache vulnerability was used to gain access to said file.
There's no way they just "entered a URL" without knowing the exact destination. That's an awful lot of 404s to entertain for the sake of one content file. Either they "hacked" their phone's feed and found the source file or they probed the content server until they found the source file. Either way, it's a grey area at absolute best.
Sure, if a misconfigured media player plugin gave up the URL, that's fine... but by accessing content that they shouldn't be able to (accessing wireless networks, anyone?), they aren't exonerated from legal obligations.
Yes, they should have posted how they found the URL - which they won't, because they'll just keep doing so a little more privately in the future.
Steve - LOL @ the Apache config page. But that also proves my point. By going there, you can't do blind directory listings. So, they had to know where to go. Chicken and the egg and all that.
Daily driver 1: 2007 Jeep Wrangler Unlimited Sport "S"
33" BFG Mud-Terrain KM2s, lots of Rough Country gear - bumper, 2.5" lift, swaybar disconnects, Superwinch 10,000lb winch, Detroit Locker in rear D44 axle, custom exhaust, K+N filtercharger, Superchips-tuned.
Daily driver 2: 2006 Subaru Legacy GT
COBB Stage 1+ package - AccessPort tuner, COBB intake and airbox. Stage 2 coming shortly - COBB 3" AT stainless DP and race cat, custom 3" Magnaflow-based exhaust and Stage 2 COBB tune.