    Why Syngress.com Needs Hack Proofing

    by DIzzIE

    [c]opyleft 2003

    Introduction

    Syngress Publishing is one of the most renowned publishing houses in the IT field, perhaps best known for its assortment of ‘Hack Proofing’ books, which is why it is all the more ironic that Syngress.com is itself vulnerable to intrusion, allowing anyone with no particular skill in Internet security to obtain any of the ebooks offered for sale on its website for free.

    Starting Out

    In order to obtain any ebook Syngress offers, one must first have a membership to the Syngress Solutions (‘[email protected]’) service: http://www.syngress.com/solutions/index.cfm. Membership is obtained by entering a serial number on the registration website, http://www.syngress.com/solutions/registration.cfm. A list of 10 possible serial numbers appears on the copyright page of every Syngress book in the following format (the serial numbers in this example are purely fictional):

    KEY   SERIAL NUMBER
    001   D363OPQHZ89
    002   10LAWOUVF5D
    (etc…)

    The registration website prompts for a random key (1-10) and asks you for the corresponding serial number. Thus, when going to the library or bookstore, write down all ten serial numbers. Once you are registered, you have access to that particular book, in ebook format. Of course, you may add to your list of available books by entering more serial numbers, but the tedium of spending a day writing down serial numbers can surely be averted. And in fact it can be, thanks to a gaping flaw which will now be explained.

    Robbing Syngress Blind

    When you have registered and logged in, you see the book whose serial number you entered listed under ‘Registered Solutions Books.’ Clicking on the book link takes you to a page for the book, which allows you to download a PDF version of the book, as well as do a few other things such as submit a question to the author, download any CD content (if applicable) and so forth.

    What is important is the site URL for the particular book. It will be in the format http://www.syngress.com/solutions/587_Hack_Wifi/ (the last portion of the URL, /587_Hack_Wifi/, is the unique path assigned to the book; in this case the path is purely fictional). What if you knew what the other paths were? Well, then you would be able to obtain any book you wanted.

    Browsing Syngress’ online book catalog, for example the security literature section at http://www.syngress.com/marketing/security/ebooks.cfm, one sees that for most books the table of contents, along with a sample chapter, is available. The TOC and sample chapter are located under http://www.syngress.com/book_catalog/587_Hack_Wifi/ (once again the last path is fictional). What you should have noticed is that the path is identical to the one in the /solutions/ folder. Thus, to obtain a copy of any book, it is as simple as appending the book path that appears in the /book_catalog/ folder to the /solutions/ URL.

    It is interesting to note that the reason you must register at all is that if one tries to access any book in /solutions/ without being a logged-in, registered member, one gets redirected to the Solutions homepage, http://www.syngress.com/solutions/.

    Solutions

    Needless to say, this indiscretion is likely causing Syngress’ profit margins to deflate slowly but steadily. Not being an expert in Internet Security, I can nonetheless propose what seems to be a common-sense, economical solution that can be done within an hour: change the naming conventions for the books, i.e. make sure the book path in the /book_catalog/ folder does not coincide with, or is not even remotely close to, the book path in the /solutions/ folder. I hope that this article has raised awareness of the existence of such minuscule ‘holes’ that are too often overlooked…
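As an added illustration (not Syngress's code; the book paths, serials and function names are all constructed), the following shows the login-only gate the article describes, which serves any /solutions/ path to any member, next to a per-book entitlement check keyed on the serials the member actually registered, which closes the hole regardless of how the paths are named.

```python
import hmac
import re
from dataclasses import dataclass, field

SOLUTIONS_HOME = "/solutions/"   # where an unauthorised request is redirected
_BOOK_SEGMENT = re.compile(r"^/solutions/([A-Za-z0-9_]+)/?$")

# Constructed serial table (hypothetical values): book path -> {key number: serial}.
# In the article each book's copyright page carries ten such (key, serial) pairs.
BOOK_SERIALS = {
    "587_Hack_Wifi": {1: "D363OPQHZ89", 2: "10LAWOUVF5D"},
    "123_Other_Book": {1: "Q8ZZ7TRW2K1"},
}

@dataclass
class Member:
    username: str
    registered_books: set = field(default_factory=set)  # book paths unlocked by serial

def register_serial(member: Member, book_path: str, key: int, serial: str) -> bool:
    """Unlock one book for the member if the serial matches the prompted key."""
    expected = BOOK_SERIALS.get(book_path, {}).get(key)
    if expected is None:
        return False
    # Constant-time comparison so the serial check does not leak by timing.
    if not hmac.compare_digest(expected.encode(), serial.strip().upper().encode()):
        return False
    member.registered_books.add(book_path)
    return True

def book_from_url(url: str):
    """Extract the book segment from /solutions/<book>/, rejecting anything else."""
    m = _BOOK_SEGMENT.match(url)
    return m.group(1) if m else None

def serve_login_only(member, url: str) -> str:
    """The check the article describes: logged in -> any well-formed book path is served."""
    if member is None or book_from_url(url) is None:
        return SOLUTIONS_HOME
    return url   # a path copied from /book_catalog/ is enough to get the PDF

def serve_per_book(member, url: str) -> str:
    """Object-level check: the member must have registered *this* book."""
    book = book_from_url(url)
    if member is None or book is None or book not in member.registered_books:
        return SOLUTIONS_HOME
    return url
```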
