

Twitter XSS Worm writer Mikeey gets hacked - dryicerx
http://seclists.org/fulldisclosure/2009/Apr/0168.html

======
dchest
Summary: he stored all his passwords (for servers, Gmail, Skype, AIM, etc.) in
_allinfo.txt_ on his web server.

~~~
csomar
This happens with me sometimes; I think that no one will think of this file to
open or think of its content.

Two mistakes he made: 1- the file name is easy to guess; 2- he allowed file
listing on his server.

~~~
dryicerx
I asked the guy who did this what the entry point was.

The file name was not guessed; it was a shell command injection on the
website, and doing an ls listed an interestingly named file "allinfo.txt". Looking
at this, it had the ssh username/password...

~~~
jerryji
Cool, that's why it's called HACKER news here :)

------
rudyfink
Wow. Street justice does not fool around.

------
bcl
Well, there is no way to confirm if the post is really true. But it sure is
funny as hell.

Advice to Mike: read up on a little project called GNU Privacy Guard.

~~~
Sephr
Same issue here. I have a ton of my usernames and passwords for services, but
I can't confirm if they are true.

I wonder what I should do? Oh yeah, it's called logging on with them.

------
jonursenbach
Karma's a bitch, isn't it?

