Kitetoa, the pizzaiolos of the Web

Vivendi, the comeback!

Hackable servers, unreachable managers...

 
Zebank and Atos are among the Top 10 dotcoms cited by Kitetoa.com. Now comes the time of... Vivendi. This group had already been exposed here because it left some of its internal documents on its misconfigured public Web sites. At that time, Cegetel (Vivendi) had considered every means of suing us. They did not like us exposing this information. Let us hope that this time, once again, they will understand that we are helping them for free and that they will not sue us.

Vivendi is about to sell Vivendipublishing, its press business. An enormous thing... We wanted to see what it looked like on the Web. Well... It looks like something so misconfigured and deeply hackable that we are still laughing. One might wonder what Jean-Marie Messier is paying his security guys for... Others will see J2M as Machiavellian enough to sell those hackable websites and then return later with his Atari Net Generation (the free computer Vivendi is offering to its staff).

The subject is quite serious. The orders placed on the e-shops are accessible, the sites are hackable, the admin passwords are hard-coded in the ASP pages and can be viewed in a browser from anywhere on the Net. Free access and total disclosure!

;)

We have far too many screenshots... Jean-Marie Messier wrote a book. The title is: "j6m.com, should we be afraid of the new economy". Did he ever have any clear idea of what a company with an online presence should really fear? If he did, he would be really afraid.

Security is not CEO stuff

The VivendiUniversalpublishing site itself [here, the help page for the home page of the site that allows VivendiUniversalpublishing to be managed remotely through an HTML interface], some health-related sites, the publishing companies Dalloz and Dunod: all of these are easily hackable servers. The passwords hard-coded where they should not be are generally default passwords. In short, a very good security policy for a company that wants to take a leading position on the Net as in the real world. And don't forget that they already had a similar problem... Can't they learn anything?

As usual, we warned the sysadmins by e-mail. But this time, we wanted to know to what extent the general managers of a huge group could be interested in (would want to get involved themselves in?) a series of serious problems on its network of servers. We therefore proposed in our mail to meet Eric Licoys, one of Jean-Marie Messier's right-hand men, so that we could present the problems. We, of course, proposed that tech guys be present. Bad luck, Eric Licoys is a very important person. He has too many appointments. No way to meet him.

Even though we told the guys at Vivendi that we would disclose the names of the hackable servers only to him. The discussion lasted for one week with four different people at Vivendi. But no way. This shows, in our humble opinion, how much companies and managers don't give a shit about security. We can only urge them to read, or reread, Hell's r00ts, which is no longer a novel, but reality.

The other interesting thing is to see that certain men are unreachable. Did the guys at Vivendi wonder whether we were as monopolized by our jobs as their bosses? Did anybody wonder whether offering an appointment to give away, for free, a half-day with the IP technology losers could be a problem for us???

In addition, we had chosen Eric Licoys because we had a means of getting in touch with him by phone very quickly. It then turned out to be funny to see which makes it easier to reach him: being an anonymous guy or having a good "network" in real life. The answer is: you'd better know someone close to those guys if you want to talk to them.

Weird, huh?

Let's come to an end...

If companies' data is their wealth, and if their image is a significant component of the evolution of their share price, then the owners of Vivendi have not assessed the effects that an intelligent attack on their servers could have. An attack aimed at recovering the contents of the databases and at modifying (in an intelligent way) the information disseminated by the subsidiary companies through the group's sites... What, for example, would be the effect of a press release announcing that the group's results will be much worse than forecast, a few days before the official release of the numbers? One could earn a lot of bucks on the stock markets...

Dear investors and pension funds: from now on, you know how much the stock price of VivendiUniversal could be exposed to large erratic fluctuations, and what answer the managers give to this type of problem.

Kitetoa

 
