lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 10 Aug 2009 12:03:38 -0400
From: T Biehn <tbiehn@...il.com>
To: Sky <whitematrix@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Hindustan Times epaper Server Hacked

While your publications are slightly pretentious (who am I to talk?) I
applaud your idealism in an age of rampant cynicism.

Don't log into any US Government systems looking to liberate secret
UFO docs tho, that gets you extradited.

A small suggestion, do not use a consistent pseudonym, post completely
anonymously. It's difficult to keep the ego from making mistakes.

-Travis

On Sun, Aug 9, 2009 at 1:56 AM, Sky<whitematrix@...il.com> wrote:
> Hindustan Times epaper Server Hacked
> http://sky.net.in/hindustan-times-epaper-server-hacked/
>
> Hindustan Times (HT) is India’s leading newspaper, published since 1924 with
> roots in the independence movement. In 2008, the newspaper reported that
> with a (circulation of over 1.14 million) ranking them as the third largest
> circulatory daily English Newspaper in India. The Mumbai edition was
> launched on 14 July 2005. HT has a readership of (6.6 million) ranking them
> as the second most widely read English Newspaper after Times of India.
> (Source: Wikipedia article on Hindustan Times) -
> http://en.wikipedia.org/wiki/Hindustan_Times
>
> HindustanTimes + Hindustan epaper Server Hacked
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UNhLLVYI/AAAAAAAAASM/JY9bc67HV14/s800/hindustan_times_hacked.jpg
>
> Why was Hindustan Times (HT) epaper Server Hacked ?
>
> Many people think that Hindustan Times (HT) (English Edition) + Hindustan
> (Hindi Edition) is available on the internet free of cost, HT Media has made
> it compulsory to register on their website in order to read the daily online
> edition of their published newspapers, on completion of registration HT
> Media provides you instant access to read daily edition, the CATCH is – you
> can only read the daily edition + past seven days editions (from the current
> date) as a free user, whileas if you wanna read any edition beyond seven
> days, you will have to pay a huge (rip off) amount to HT Media (in the name
> of digital archive subscription)
>
>
> Registration Information Collected by HindustanTimes
> http://lh6.ggpht.com/_gbWPSul_tCM/Sn5WIrsZxcI/AAAAAAAAASs/Lc6NaQzxEfk/s800/HT_registration.jpg
>
> Free HindustanTimes Editions
> http://lh6.ggpht.com/_gbWPSul_tCM/Sn5UN35Yx5I/AAAAAAAAASU/6THfLaMu00M/s800/HT_free_editions.jpg
>
> Restricted Access to HindustanTimes epaper Archives
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UN5umsJI/AAAAAAAAASY/5_SfNzOEm7w/s800/HT_newspaper_subscribe.jpg
>
> Archive Subscription Charges for HindustanTimes is a total Rip Off
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5ViIwx2aI/AAAAAAAAASo/6TMgKDuc6Vg/s800/HT_archive_charges.jpg
>
>
> As a hacker, i think its not fair (for anyone) to loot common people and
> sell (publicly gained) information in such a way, so i decided to peek
> inside the server and find some bugs / architectural flaws which would allow
> me to access past newspaper (Images / PDF) editions for free
>
> Within a couple of hours, i managed to find some bugs / architectural flaws
> (& vulnerabilities) which gave out free access to the past (Images / PDF)
> newspaper editions
>
> Calvin and Hobbes publishing error
>
> I used to search the newspaper (HT hard copy) every morning for technology
> related news (hoping any Indian journalist must have written some piece)
> that went on for like weeks and then i started reading Calvin and Hobbes
> (the comic strip) every day published in HT Cafe
>
> On 2nd / 4th / 9th June, Hindustan Times (HT) published the same Calvin and
> Hobbes strip, how should i react against this publishing error by Hindustan
> Times, as a fan of Calvin and Hobbes, i expect new comic strip every day
>
> Checkout the exact same Calvin and Hobbes strip published thrice on various
> days in the single month of June (2009)
>
>     2nd June
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/02/538/02_06_2009_538_013.jpg
>
>     9th June
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/09/538/09_06_2009_538_002.jpg
>
>     4th June
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/04/538/04_06_2009_538_006.jpg
>
> Informing the privileged authorities
>
> On 10th July 2009, i informed the editor and other top most authorities @
> HindustanTimes via email regarding the serious bugs / flaws (&
> vulnerabilities) on their ePaper Server which can be exploited to compromise
> data and cause financial losses for HT Media
>
> My email to HindustanTimes
> http://lh5.ggpht.com/_gbWPSul_tCM/Sn5WJt3UKGI/AAAAAAAAAS0/KOnhjTtBNnk/s800/my_email_hindustan_times.jpg
>
> Rashmi Chugh's reply to me
> http://lh4.ggpht.com/_gbWPSul_tCM/Sn5W9mSD0pI/AAAAAAAAATI/O5hazb5IIY4/s800/rashmi_livemint_reply.jpg
>
> Although i received a reply from Rashmi Chugh (Business Head and Publisher,
> LIVEMINT) within 3 minutes, i waited for 24 hours to receive other
> recipients reply (as i wanted to know what they thought about the issue) but
> sadly no one replied back except Rashmi Chugh, so i sent her a reply the
> other day
>
> My reply to Rashmi Chugh, LIVEMINT
> http://lh3.ggpht.com/_gbWPSul_tCM/Sn5WNEiwmRI/AAAAAAAAAS8/F4K3XhMWLyc/s800/my_reply_rashmi_chugh.jpg
>
> After sending my reply to to Rashmi Chugh, i haven’t received any responses
> (since 29 days) from any of the authorities / employees working for
> HindustanTimes
>
> I have been using these architectural flaws for sometime to gain access to
> past editions of newspapers / magazines / supplements published by HT Media,
> i believe information taken from the people (especially newspapers) should
> be free and accessible to everyone
>
> The bugs / architectural flaws (& vulnerabilities) found by me still exists
> and works actively when used on the server, this shows that they are not
> interested (or don’t care) anymore to fix it, which makes me post the full
> disclosure information on my blog for (free access to previous epaper
> editions)
>
> Follow the below steps to gain free access to past (online) editions without
> subscribing to the archives
>
>     * Proceed to the HindustanTimes – ePaper Registration URL @
> http://epaper.hindustantimes.com/registernew.aspx
>
>     * Fill in only the essential fields required (for registration) such as
> (any) email ID, name, password, address, city, state, zip
>
>     By default the country (field) option value (txtCntry) is set to
> Albania, whileas it should be India – at least show some patriotism towards
> our country
>
>     * After you complete the registration, you will be presented with
>
>     Registration Approval without Verification is a Vulnerability in
> HindustanTimes
>
> http://lh6.ggpht.com/_gbWPSul_tCM/Sn5UN8jQlYI/AAAAAAAAASc/boEUb_YSzkg/s800/HT_reg_success.jpg
>
>     Once the registration process is completed, the email ID (used during
> registration) will be activated instantly by Pressmart (the automated system
> used by HT Media) without any welcome / verification email to the inbox,
> which would allow anyone to use any email ID (during registration) without
> being detected by the real email ID owner, which in itself poses a security
> risk (making it a vulnerability)
>
>     The implementation / usage of verifying the email ID (used during the
> registration) with a random activation link to the inbox should resolve this
> issue (which HT Media currently doesn’t)
>
>     Its possible that such facilities might be already existing within
> Pressmart (the automated system used by HT Media) and the Webmaster didn’t
> feel like activating it to save time and increase more registrations on
> their epaper website in order to retrieve the users information (filled
> during the registration) for their internal marketing / research purposes or
> to increase their newspaper ranking
>
>     * Proceed to the Login Page @
> http://epaper.hindustantimes.com/Login.aspx
>
>     * Enter the email ID and password, select any edition from below and
> paste the URL into your address bar (to view the past editions in Image /
> PDF format for free)
>
>     In the URLs below, after the text (pg2=) first value is the date /
> second is the month / third is the year / fourth is the page number
>
> English Editions – Hindustan Times (PDF Format)
>
>     * Mumbai Edition
>
>
> http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTMumbai&p2=12_06_2009_001.pdf
>
>     * Delhi Edition
>
>
> http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web&p2=21_05_2009_001.pdf
>
>     * Chandigarh Edition
>
>
> http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTPunjab&p2=19_06_2009_001.pdf
>
> Hindi Editions – Hindustan (PDF Format)
>
>     * Delhi Edition
>
>
> http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web&p2=29_05_2009_001.pdf
>
>     * Kanpur Edition
>
>
> http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web/HTKanpur&p2=21_06_2009_001.pdf
>
>     * Patna Edition
>
>
> http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web/HTPatna&p2=26_05_2009_001.pdf
>
>     * Lucknow Edition
>
>
> http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web/HTLucknow&p2=24_05_2009_001.pdf
>
> Hindustan Times (HT) Brunch Magazine (English) (PDF Format)
>
>     * Mumbai Edition (Published Only On Sundays)
>
>
> http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTMumbai&p2=31_05_2009_321.pdf
>
> Hindustan Times (HT) Cafe (English) (PDF Format)
>
>     * Mumbai Edition (Daily Supplement with HT Mumbai – English Edition)
>
>
> http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTMumbai&p2=26_05_2009_531.pdf
>
> Accessing the past ePapers in Image Format
>
> If you would like to browse the past newspapers in image edition, then
> simply change the values according to your choice in the below URL and
> retrieve it from the server
>
> The variable format is
>
>     / Page / year / month / date / date_month_year_pageno.jpg
>
>     / Page / year / month / date / date_month_year_pageno_part.jpg
>
>     Hindustan Times – 31st December 2008 – Main Edition (English) – Mumbai
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Page/2008/12/31/31_12_2008_001.jpg
>
>     HT Cafe (English) – 26th January 2009 – Hindustan Times – Mumbai
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Page/2009/01/26/26_01_2009_531.jpg
>
>     HT Brunch – Magazine (English) – 31st May 2009 – Hindustan Times –
> Mumbai
>
> http://epaper.hindustantimes.com/Web/HTMumbai/Page/2009/05/31/31_05_2009_321.jpg
>
> The automated system
>
> Hackable Magazine Publishing Software
> http://lh6.ggpht.com/_gbWPSul_tCM/Sn5W9ujFvkI/AAAAAAAAATE/Xg54_u9W2vQ/s800/pressmart.jpg
>
> Hindustan Times epaper webportal is powered by Pressmart, which provides
> electronic publishing software (& digital publishing solutions) to various
> newspaper publishers across the world, if i had more time to work then i
> would have surely dug out more bugs / architectural flaws (&
> vulnerabilities) within Pressmart softwares but the fact is (i don’t find
> them interesting enough)
>
>     Pressmart is a digital publishing service for newspapers, magazines,
> journals, catalogs and practically any print publication. We help
> publications deliver their print content on the new media – covering the
> entire breadth of web, mobile, podcast, RSS, social networking sites and
> search engines, with integrated revenue and cost-saving capabilities.
>
>     Beyond delivery, Pressmart help publications monetize their digital
> edition through subscriptions and advertisements. Our service platform is
> eCommerce and advertising ready to generate revenue streams instantly. It
> includes all the components up to the monetization stage after the pre-press
> pages are prepared. All the publication has to do is supply their pre-press
> pages and Pressmart takes care of the rest.
>
>     Source: Pressmart Official Website -
> http://www.pressmart.com/eedition.html
>
> Internet explorer sucks
>
> HindustanTimes is coded for Internet Explorer Compatibility which Sucks
> http://lh5.ggpht.com/_gbWPSul_tCM/Sn5WJHT68wI/AAAAAAAAASw/pvOSLmr6UeQ/s800/internet_explorer_sucks.jpg
>
> Hindustan Times website + ePaper portal says
>
>     (Site best viewed in Microsoft Internet Explorer 5.5+ SP1 in 800×600 &
> 1024×768 resolution)
>     Click here to download the latest version of internet explorer
>
> I would advise Hindustan Times to download / use Firefox and some other open
> source tools / codings for their website + ePaper portal instead of stuffing
> it with junk / heavy / unwanted codings, try to keep it clean / clear /
> simple
>
> Internet Explorer Sucks
> http://lh3.ggpht.com/_gbWPSul_tCM/Sn5dF1sxLtI/AAAAAAAAATs/g93iLoFd-3I/s800/internet_explorer_sucks.jpg
>
> Dedications
>
> I would like to dedicate this hack towards Club Calvin @
> http://www.clubcalv.in and all cute kids
>
> I love you Firefox <3 / thank you (Firefox) for being my companion during my
> pen tests………
>
> I love Mozilla FireFox
> http://lh3.ggpht.com/_gbWPSul_tCM/Sn5X-A8gyWI/AAAAAAAAATQ/5kI9IeHLexA/s800/i_love_mozilla_firefox.jpg
>
> --
> Sky
> http://sky.net.in
> http://twitter.com/skycu
> =============================
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ