If any of you follow the mailings lists or the ‘scene’ as it’s known, you’d be familiar with PHC, Phrack, Gobbles, ~el8, Silvio, gayh1tler and the whole Whitehat Holocaust AKA pr0j3kt m4yh3m. (Back when it went public).
The war against whitehats has started up again more vehemently recently with zine known as zero for owned or ZFO.
The latest edition has just hit the streets with some really high profile hacks this time and a HUGE amount of information disclosure. They don’t release any exploits or code, but they do point out sections of certain apps that may be vulnerable. It’s an interesting read, especially the commentary.
You can find the full zf05.txt issue here:
zf05.txt – be warned it’s a 29,000 line text file.
The highest profile hacks must be of Mitnick and Kaminsky, as of now doxpara.com is still down.
Two noted security professionals were targeted this week by hackers who broke into their web pages, stole personal data and posted it online on the eve of the Black Hat security conference.
Security researcher Dan Kaminsky and former hacker Kevin Mitnick were targeted because of their high profiles, and because the intruders consider the two notables to be posers who hype themselves and do little to increase security, according to a note the hackers posted in a file left on Kaminsky’s site.
The files taken from Kaminsky’s server included private e-mails between Kaminisky and other security researchers, highly personal chat logs, and a list of files he has purportedly downloaded that pertain to dating and other topics.
No one has ANY idea how long they’ve owned these boxes and been up your mailspoolz. Are they watching you, have they owned your box? If you’re a ‘notable’ whitehat, you speak at conferences and market yourself like a whore.
Most likely yes they are up in your shit.
One day they will rm -rf it and publish all your e-mails in the next edition of zfo zine.
The hacks also targeted other security professionals, and were apparently timed to coincide with the Black Hat and DefCon security conference in Las Vegas this week, where Kaminsky is unveiling new research on digital certificates and hash collisions.
Kaminsky made headlines last year for his Black Hat talk about vulnerabilities in the Domain Name System. He was accused by many in the security community of hyping the issue after he teased the topic in a press conference call a month before his talk without revealing details of the vulnerability, leading everyone to speculate on the nature of it. He was presented with a Pwnie award for Most Overhyped Bug and for “owning” the media.
The hackers criticized Mitnick and Kaminsky for using insecure blogging and hosting services to publish their sites, that allowed the hackers to gain easy access to their data.
Pretty scary stuff, considered all these self-proclaimed experts are having their own sites hacked. What hope do the rest of us mere mortals have?
Little to none, as always a skilled persistent attacker will ALWAYS get in.
A bunch of others got pwned too including hak5, Robert Lemos, Blackhat Forums, PerlMonks, Elite Hackers and BinRev (Binary Revolution).
Source: Wired (Thanks Navin)
- Twitter Bug Bounty Official – Started Paying For Bugs
- Heartbleed Implicated In US Hospital Leak
- XML Quadratic Blowup Attack Blows Up WordPress & Drupal
- Kevin Mitnick Interview on Social Engineering
- WordPress 2.8.3 Admin Reset Exploit
- Is Google Public DNS Safe?
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,486 views
- AJAX: Is your application secure enough? - 119,107 views
- eEye Launches 0-Day Exploit Tracker - 85,057 views