Another message via the medium, this time from someone who knows how to use a remailer, and is therefore anonymous:
Don't try this at home! (without an anonymizing proxy, anyway)
Google willingly gives anyone a list of highly vulnerable US Government websites. Just write the following into the search box:gimme pow that do some splat
These are sites that construct blah directly from blech. Most of them would respond to blah that are not supported by the blech-based interface, leaking sensitive information left and right. But quite a few would let you splat the splotches as well, up to and including blamming entire ker-blats.
You didn't hear it from me.
OK, that was fun. Problem now is, how does someone I don't know that won't hear it from me get it from someone I didn't hear it from?
Here's the rest of the message. I think we should all try it. Safety in numbers.
Just write the following into the search box:allinurl:.gov select from where
These are websites that construct SQL queries directly from the URL. Most of
them would respond to queries that are not supported by the web-based UI of
the website, leaking sensitive information left and right. But quite a few
would let you modify the databases as well, up to and including dropping
The only question left is whether I'm not hearing from one anonymous or two? But you're not asking that.Posted by iang at April 20, 2008 12:38 PM | TrackBack