Using "password" for a password is really stupid, but "really stupid" is relative to the knowledge level of the person pointing it out, in most cases. I'd prefer not to find out what really stupid thing I've done to allow some script kiddie access to my servers (or whatever the case may be).
... but that's probably just me, though.
They also said "We have had thousands of break-in attempts over the past few days". No surprise really.
And they are planning some posts pointing out the vulnerable nature of apps in the cloud.
Edit: On second thought I assume you mean one of them is useful, but I could not tell from your comment which you thought was more useful.
For example, one prank I pulled (which was admittedly pretty basic and silly) was a creative redirection using .htaccess for a certain someone's fixed IP address who used to lurk a site I ran last year. This person had an extreme distaste for me, because of the existence of the site and she would publicly slander me for something I never did at every available chance.
So I decided to have a little fun with her.
I set up a page with her (publicly available) photo with a large text headline saying that she had been hacked, which the redirection went to.
Total time to set up - less than 3 minutes.
Having her write me a lengthy email telling me that she was going to call the police (in Australia) and have me arrested was pretty interesting. I never responded.
I think I would be freaked out too if the next time I visited someone's blog (which I was hypothetically consistently leaving trolling/nasty comments on) there would be my picture there, exclaiming how I'd been hacked.
Sometimes the illusion of having "hacked" someone is just as satisfying as the real thing, without the messy potential of jail-time.
We pulled a similar prank on a guy working on implementing 'verified by visa'. Every morning he'd walk in to the office and read the same news site. So, three days before completing the project we cloned the news site and posted an article that VISA had decided to abandon VBV.
He walks in to the office, starts reading the headlines (-- expletive deleted --) slams his coffee down and walks out of the office.
To his credit within 20 paces he started laughing like mad, knowing he'd been had. Pretty clever dude, it would have taken me a bit longer... :)
To protect the guilty and the innocent alike, no further references, but rest assured that a few words were addressed to VISA execs that were not exactly pc.
Lots of fun with the DNS.
Another reason to mistrust open wifi connections :)
Imagine redirecting scripts for googleadservices.com and implementing their JS code with your own publisher ID there.
That would make some of those adsense cheques Markus Frind has shown off look like lunch money.
EDIT - if you really wanted to make something like this cool, you would instead use the publisher ID of some random charity (or even cycle through an array of charities) that could be easily obtainable by viewing source code in pages.
Just a thought...
EDIT #2 - Or, some more Internet Justice - just have it ignore the clicks that would otherwise go to domain parkers (with the revenue heading to charity). You cut off that air supply and eventually a lot of domains will start becoming available again.
That way, the Internet Wins.
I sold the site earlier this year, but the subdomain I set up is still live, so the "hack" (if you could really call it that) is still live.
Gives me a giggle, every time - I know it was malicious, but it was damn funny.
Another thing I did to this person was embed a flash banner on her forums using google's adwords that would loop an 8 bit rickroll. She ended up disabling advertising on her site for a short while, instead of blocking the ad itself. It drove her users nuts. Among the best 80 cents I ever spent.
Two days later we got a frantic call from someone at another ISP to tell us that someone had hacked our server and added a link to them - he wanted to make sure we didn't think it was them that had done it.
Section 25 Theft Act 1968
(1) A person shall be guilty of an offence if, when not at his place of abode, he has with him any article for use in the course of or in connection with any burglary, theft or cheat.
(3) Where a person is charged with an offence under this section, proof that he had with him any article made or adapted for use in committing a burglary, theft or cheat shall be evidence that he had it with him for such use.
Am I "going equipped" on a daily basis?
But remember on that Hacker News hack, I just thought of the possibility. Someone else did the actual work (and, in fact, totally independently of me).
But there will always be one hole left...
Please tell me which machine it is, send info to:
If they break in that wouldn't be your fault.