Not a Hack: Lahore Electric Supply Companies (LESCO) Website Privacy Leaks不是一個哈克：拉合爾的電力供應公司（ lesco ）網站隱私外洩

Lahore Electric Supply Companies (LESCO) is a major electricity power provider in Lahore region of Pakistan.拉合爾電力供應公司（ lesco ）是一個重大的電力供應商在拉合爾地區的巴基斯坦。 LESCO’s main official website which is used for public access is located at lesco的主要官方網站是用來供市民查閱，是位於 http://www.lesco.gov.pk/ , but apparently LESCO has another web site probably for support staffs and personnels or for training purpose, which allowed everybody from public to ‘hack’ into, and access supposedly private and confidential data. ，但顯然lesco有另一個網站可能是工作人員和支持人員，或作訓練用途，從而使每個人都從市民'黑客'到，並獲得理應私人和機密數據。 (But who cares about privacy in Pakistan?) （但誰關心的隱私在巴基斯坦？ ）

The website of Lahore Electric Supply Companies that has major security flaw and privacy leaks is located at網站拉合爾電力供應公司，具有重大的安全漏洞和隱私洩漏的是位於 http://www.lesco.info/ . 。 To ‘hack’ the website, simply browse to LESCO Human Resource Management System via Customer Service link at '黑客'的網站，只要瀏覽到lesco的人力資源管理系統通過客戶服務連結 http://www.lesco.info/mc/default.htm . 。 You don’t even need any skill to hack the website.你甚至不需要任何技巧，黑客網站。 The login page has User ID (which is Guest) and password nicely filled in. Just hit “Enter Now !” button to log in to the system.登錄頁有用戶ID （即客戶）和密碼，很好的填補英寸只需點擊“進入現在！ ”按鈕，登錄到該系統。

After logging in, ‘hacker’ can find various LESCO customers’ information from database (looks like is MySQL) such as name, address and phone number.登錄後， '黑客'可以在網上找到各種lesco客戶的資料從資料庫（看起來象是MySQL的） ，如姓名，地址和電話號碼。 Also available is application for electricity connection, date of application, status, next course of action and electricity load.還有是應用電力方面，申請日期，地位，在未來的行動過程和用電負荷。 (If you apply to LESCO and heard no news, this hack for you!) Best of all, search functions is provided. （如果您申請lesco ，並聽取了沒有消息，這個技巧為您服務！ ）最重要的是，搜索功能是提供。

From the design of the website, with failed MySQL commands and broken links which link to ClickSoft.com.pk, which probably is the developer for the site, LESCO.info is probably still in construction, and not mean for public access.從設計的網站，與失敗的MySQL命令和斷開的鏈接鏈接到clicksoft.com.pk ，這可能是開發商為網站， lesco.info可能是仍然在施工，而不是意味著，供市民查閱。 We inclined to believe that the website is mainly used by LESCO staffs for training purpose and not as their back-end system, in view of the poor security measure.我們傾向於認為，該網站主要是用來由lesco人員培訓的目的，而不是作為他們的後端系統，鑑於對窮人的保安措施。 But why the true live data of customers is been used as the sample is out of comprehension, which conveniently provide backdoor access for those want to gather these information.但為何真正的實時數據的客戶是被用來作為該樣本是出於理解，方便地提供後門進入對於那些想收集這些資料。

Probably this is the style of doing work in South Asia part of the world, but does Pakistan has nuclear weapon?也許，這是作風，是做人的工作，在南亞地區是世界的一部分，但巴基斯坦是否已核武器呢？ Can nuclear weapon of mass destruction be trusted to someone who can’t even protect personal data, albeit only name, address and phone of its own citizens?可以核大規模殺傷性武器信任誰，有人甚至不能保障個人資料，雖然只有姓名，地址及電話，自己的公民？

IMPORTANT : You're reading a machine translated page which is provided "as is" without warranty. 重要說明：您正在閱讀的機器翻譯網頁是“按原樣”提供的擔保。 Unlike human translation, machine translation does not understand the grammar, semantics, syntax, idioms of natural language, thus often produce inaccurate and low quality text which is misleading and incomprehensible.不像人類翻譯，機器翻譯不明白的語法，語義，語法，成語自然語言，因此，往往產生不準確的和低品質的文字，是具誤導性的和難以理解的。 Thus, please refer to因此，請參閱 original English article原來的英語文章 when in doubt.有疑問時。

Related Articles相關文章

• Intel Experiences Atom Supply Shortage Due to Overwhelming Demand英特爾的經驗，原子的供應短缺，由於絕大多數的需求
• Free Online Phonemyphone Service Helps Locating Misplaced Mobile Phone免費在線phonemyphone服務，幫助定位錯誤的移動電話
• Order Hero Hack Pack with Free Open Source Tools為了英雄哈克包與免費開源工具
• Website Grader: Free Website Analytics and Traffic Measurement Tool網站年級：免費的網站分析和流量測量工具
• Virus Attack Via Infected Gizmo病毒攻擊通過受感染gizmo
• Free Genuine License Code for Privacy Guardian by Signing Up PC Tools Newsletter免費真正的授權碼隱私監護人簽署了PC工具時事通訊
• Toshiba Innovative Idea of Implementing Sleep and Charge USB ports in Satellite Laptop Series東芝創新的理念貫徹睡眠和收費USB連接埠，在衛星的筆記型電腦系列
• Exciting Potential of China in e-Commerce令人振奮的潛力，中國在電子商貿
• How to Make a Laser Pointer from Mini Maglite Flashlight如何使激光指針從迷你手電筒maglite
• Steganos Security Suite 2007 Full Version Free Download and Serial Number steganos安全套件2007完整版免費下載和序號

This entry was posted on Thursday, May 8th, 2008 at 1:17 pm and is filed under 此項目被張貼在週四， 2008年5月8日在下午1時17分，並提交下 Tips & Tricks 提示和技巧 . 。 You can follow any responses to this entry through the 您可以按照任何的反應，此項目通過 RSS 2.0 2.0 feed. 餵養。 You can 您可以 leave a response 留下的回應 , or ，或 trackback Trackback跟踪 from your own site. 從你自己的網站。