Pulse of Truth

2317 readers

86 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

Fraudster hacked hotel system, paid 1 cent for luxury rooms, Spanish cops say (www.theregister.com)

submitted 3 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

3 comments fedilink hide all child comments

'First time we have detected a crime using this method,' cops say Spanish police arrested a hacker who allegedly manipulated a hotel booking website, allowing him to pay one cent for luxury hotel stays. He also raided the mini-bars and didn't settle some of those tabs, police say.…

you are viewing a single comment's thread
view the rest of the comments

[–] Fiery@lemmy.dbzer0.com 2 points 2 days ago

Your example 2 is just describing improper input validation/bad logic. Which... Is still hacking. It's just a different category of vulnerability and difficulty (though slamming a SQL inject in every input field you can't find isn't the most complex either).

Example 3: guy finds admin panel with default password - still hacking Example 4: guy finds improperly secured admin endpoints in booking software - also hacking Example 5: booking server wasn't updated in 2 years and hacker uses a PoC exploit he pulled from somewhere to hack it - yup also hacking Etc

All those are wildly different ways of achieving the end result but they all share two things: 1. They're hacking 2. They're illegal to use for anything other than responsible disclosure