[Kitetoa, les pizzaïolos du Ouèb

Doubleclick, hacked since 1999

ExplicitDefjpg.jpg (6059 octets)

  navbar Doubleclic
Devenez un technicien chez
Doubleclick

Become a tech guy at
Doubleclick
Doubleclick Round 4
Lisez mes mails, oups...,
sur mes lèvres: "nous
réparons"
Read my mails, oops...,
my lips: "we are fixing
this mess"

Doubleclick Round 3
La réponse officielle
The official response

Doubleclick Round 2
Bases de données non
protégées

Unprotected databases...
Doubleclick Round 1
Hacké depuis 2 ans?
Hacked for 2 years?
nav bar recap admins
Récapitulatif des papiers
sur le monde étrange
des administrateurs réseau
et systèmes
Récapitulatif de nos
copies d'écran
sur ce même monde étrange
Cette page n'est plus mise à jour
depuis août 2001
Taijiquan style Haking (dot com)
Sasak style Haking (dot com)
Le Match Kitetoa versus
Ugly Discoursmarketing
It's a funky job.
But Kitetoa's digital clone
does it...
Do you know info-hack
Kung-Fu?
La hotte du Kitetopapanoël
Ze Mega Kite-Teuf!
La fête de l'été de Kitetoa...
Les sites les plus nazes
de l'été 2000
La Loi de 78 impose
aux entreprises de protéger
les bases de données qu'elles
constituent
...
In the marvellous world of the new-old-new economy, ex-future dotcomania, everybody knows DoubleClick, the biggest online advertisments retailer. In other words, DoubleClick is the best way to put banners on a large amount of websites. And if you want to know how many people visited your website, DART, a DoubleClick's technology, is made for you. Unavoidable...

How many clients ?

A lot. It's quite difficult to find a precise answer, but we've found an official document which DoubleClick released to the SEC: "We currently serve ads for over 2,000 clients worldwide, and in December 2000 delivered approximately 63 billion targeted advertisements to Internet users worldwide."

How many banners ?

"New York, 3/12/01 - DoubleClick Inc. (NASDAQ: DCLK), the leading digital marketing solutions company, today announced DoubleClick's DART (Dynamic Advertising Reporting Targeting) technology marked another milestone, serving its one trillionth ad. Currently, DART serves an average of 2 billion ads daily, which outpaces the daily average of 1.75 billion shares that Nasdaq's trading network processes."

OK, but what's the problem ?

Two years ago, a US security company, eEye Digital Security, released an advisory concerning Microsoft IIS's web servers which explained that it was possible to create a telnet remote access with root's privilege when the server was misconfigured. In other words, it's possible to control an entire server within seconds.

And we've just discovered, while surfing on DoubleClick's website, that its servers has a... backdoor. And this kind of trojan horse which authorize to remotely access to the server is in the place since... 1999 !!! DoubleClick has been hacked two years ago using an exploit (which is also two years old), and, since then, everything's fine, nobody ever noticed anything, and DoubleClick continued to manage its ads, again and again... This also means that, as the server has been misconfigured (open), for two years, there's a fair amount of probability that the person who placed the backdoor accessed many other datas within DoubleClick databases or network. For example, the "manage.doubleclick.net"'s server, which is not far from the one that has been hacked, will help a Doubleclick's customer to remotely manage it's DART advertising campaign... Just imagine what can be done if someone stole datas that pass among this system.

Speaking of privacy, Doubleclick explains : "DoubleClick Privacy Statement Internet user privacy is of paramount importance to DoubleClick, our advertisers and our Web publishers. The success of our business depends upon our ability to maintain the trust of our users."

You're kiddin'...

Let's say that, as some merchants put large banners which advertise "Smith & Cie, brick & mortar since 1910", DoubleClick could publicize itself with something like "DoubleClick, hacked since 1999"...

Kitetoa

eeye-very-small.gif (6636 octets)

Read the follow-up here...

 

Liens de navigation

Naviguer, lire....

Page d'accueil

Nouveautés

Le Sommaire
de
Kitetoa

(orientation...)

Communiquer...

Le Forum
Kitetoa-blah-blah

Nous écrire

Les mailing-lists

Les stats du serveur

Qui sommes-nous?

Les rubriques!

Les livres publiés par Kitetoa

Les interviews

Kit'Investisseurs

Fonds d'écran et autres trucs

Les rubriques!
(suite)

KitEcout'

KessTaVu?-KiteToile

Voyages

la malle de Kitetoa
(vieilleries du site)

Les dossiers

Le monde fou des Admins

Tati versus Kitetoa

Tegam versus Guillermito

Malade mental...

Qui est Jean-Paul Ney,
condamné pour
menaces de mort
réitérées contre Kitetoa?

Le texte de la condamnation
de Jean-Paul Ney
(résumé html)
(complet pdf)

Malade mental, bis repetita

Jean-Paul Ney condamné
pour diffamation
à l'encontre du webmaster
de Kitetoa.com

Condamnation de Jean-Paul Ney
pour diffamation (pdf)

D'autres choses...

Aporismes.com

Statisticator

L'association Kite-Aide

Rechercher...

Rechercher
sur le site

et sur le Net...

Jean-Paul Ney

Jean-Paul Ney