index.html

<title>Security Threat Found by Himi</title>
<body bgcolor = white text = black link = red vlink = black>
<style>
<!--
a{text-decoration:none}
//-->
</style>
<center><h1>Attention:</h1></center>
<br>
<hr>
<br>
Okay guys...you have a problem. You have a FrontPage security threat that
can and <b>WILL</b> be taken advantage of. If a malicious "hacker" had
found this exploit instead of me, one who tries to help, your page would
be in a lot of trouble right now. Don't worry, I have backed up your
index.html - <a href = index22.html>http://www.tucsontractor.com/index22.html</a>
but please listen to what I have to say. First of all, you need to
fix the frontpage problem. <i>Anybody</i> on the Internet can find out
your Administrator's password by going to the address <a href = _vti_pvt/index.html>http://www.tucsontractor.com/_vti_pvt</a>.
If they click "administrators.pwd" it will bring up something like this...<br>
<br>
ttcftp:Nm7NiyJ.p9JzU<br>
<br>
Now that doesnt show the actual password, but what it DOES show is the
password in Unix-Encrypted format. And with a password as easy as yours (you
really should choose a better one) it is very easy to decrypt. What you
need to do is set the access so that nobody can get to the ../_vti_pvt/ page.
That will fix your security leak. As for your password, you should use
a better combination of numbers and letters than <i>tractor1</i>. I guess
that is all that I can do for you. If you have any questions, or if you want
to bust me for violating your page and helping correct your security errors,
please feel free to email me at <a href = mailto:wldthing7@juno.com>wldthing7@juno.com</a>
<br>
<br>
<center>
Sincerely,<br>
- himi -
<br>
<img hspace src = newxhimi.jpg>
</center>
	<title>Security Threat Found by Himi</title>
	<body bgcolor = white text = black link = red vlink = black>
	<style>
	<!--
	a{text-decoration:none}
	//-->
	</style>
	<center><h1>Attention:</h1></center>
	<br>
	<hr>
	<br>
	Okay guys...you have a problem. You have a FrontPage security threat that
	can and <b>WILL</b> be taken advantage of. If a malicious "hacker" had
	found this exploit instead of me, one who tries to help, your page would
	be in a lot of trouble right now. Don't worry, I have backed up your
	index.html - <a href = index22.html>http://www.tucsontractor.com/index22.html</a>
	but please listen to what I have to say. First of all, you need to
	fix the frontpage problem. <i>Anybody</i> on the Internet can find out
	your Administrator's password by going to the address <a href = _vti_pvt/index.html>http://www.tucsontractor.com/_vti_pvt</a>.
	If they click "administrators.pwd" it will bring up something like this...<br>
	<br>
	ttcftp:Nm7NiyJ.p9JzU<br>
	<br>
	Now that doesnt show the actual password, but what it DOES show is the
	password in Unix-Encrypted format. And with a password as easy as yours (you
	really should choose a better one) it is very easy to decrypt. What you
	need to do is set the access so that nobody can get to the ../_vti_pvt/ page.
	That will fix your security leak. As for your password, you should use
	a better combination of numbers and letters than <i>tractor1</i>. I guess
	that is all that I can do for you. If you have any questions, or if you want
	to bust me for violating your page and helping correct your security errors,
	please feel free to email me at <a href = mailto:wldthing7@juno.com>wldthing7@juno.com</a>
	<br>
	<br>
	<center>
	Sincerely,<br>
	- himi -
	<br>
	<img hspace src = newxhimi.jpg>
	</center>