Hacker News new | past | comments | ask | show | jobs | submit login
Lulzsec Attempts Nintendo Hack - No Customer Information Lost (wsj.com)
42 points by rkalla on June 5, 2011 | hide | past | favorite | 12 comments



That WSJ article only showed me 1.5 paragraphs before asking me to pay to continue reading, here's a link to another article (not long, but doesn't ask you to pay):

http://www.reuters.com/article/2011/06/05/us-nintendo-idUSTR...


Sharing this primarily in-light of the discussion in the latest Sony-hack story[1] on HN. Something being discussed was how common is shoddy enterprise security. Seeing a hack attempt against Nintendo fail by one of the same groups that hacked Sony recently was pertinent.

[1] http://news.ycombinator.com/item?id=2621844


I don't know if you should consider this a failed attempt; the pastebin release implies that they were just "warming up" before the FBI attack. Perhaps they wanted more and failed, but perhaps they weren't aiming to compromise them like Sony.


Perhaps failure is a strong word, but clearly the attackers didn't gain anything of value - unlike every single Sony attack.


Most of these companies do not have security people, audits, or even really logging. People should be suprised when there is security IMHO.


This is actually more bad news for Sony. It shows that their competitors have much better security than they do, and Sony won't be able to claim anymore that "it wasn't really their fault, it's just that the hackers were very good".


Pastebin of the release: http://pastebin.com/QFJN82X4

It's apparently nintendo.com's httpd.conf. Most is just a huge pile of url rewrites.


I wonder what patio11 thinks of their KeepAliveTimeout settings?

  KeepAlive On
  MaxKeepAliveRequests 0
  KeepAliveTimeout 120


This is my number one pet peeve, right here:

>>>>>>>>>>>>>>

# Force all clients that hit this host to www.nintendo.com

RewriteEngine on

RewriteRule .* http://www.nintendo.com/ [R,L]

<<<<<<<<<<<<<<

Nothing is worse than trying to go to foobar.com/something/I/know/exists and being redirected back to the homepage. What's wrong with deep linking and respecting URLs that a user has been to before?

More importantly, doesn't this interfere with bookmarks?


Uh, it doesn't mean that at all. Here's a random link, note how it doesn't redirect to the homepage: http://www.nintendo.com/games/detail/9xKcFNixgDWMPXx0DGu0_77...

That's just the default behavior. There's an enormous amount of other rewrites to handle actual functionality.

Bookmark interfering - probably. But which is worse for most users: a 302 / 404 error, or being pushed somewhere useful to start from?


302 won't break bookmarks.

Most users get taken to where they meant to go, without noticing the ___domain rewrite.


That line just handles people who managed to hit the server from a ___domain they're not expecting at all - for example if I were to map example.org to their server in /etc/hosts.

The pertinent lines for your example are 341 and 342:

  RewriteCond %{HTTP_HOST} =nintendo.com [NC]
  RewriteRule ^/(.*) http://www.nintendo.com/$1  [QSA]




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: