Main » 2011 » Март » 16 » Blackhat 2009 hacked serverrenowned experts in the field of information security
12:54
Blackhat 2009 hacked serverrenowned experts in the field of information security
These days, the U.S. hosts a conference on information security BlackHat. Despite the defiant title, usually in the framework of its reports on various relevant topics to speak publicly known security experts, the so-called whitehats.
For the "black hats" do not have a more convenient time to strike back than the days Blekheta, while well-known experts are drinking beer, reading reports and otherwise advertise their security consulting. So, yesterday was hacked a number of servers by renowned experts, including Kevin Mitnick and Dan Kaminsky, renowned for his research in the field of security DNS.

Targeted were Dan Kaminsky, known for his discovery of a high-profile flaw in the domain name system last year; Kevin Mitnick, one of the first hackers to be prosecuted for computer crimes; and the PerlMunks programmer community, among others .

Surprisingly, however, not the fact of penetration, but the fact that he showed the well-known problem of "the shoemaker without shoes." Apparently, one of the intrusion was committed by WordPress - opensursny engine with a history of vulnerabilities that do not fit even on a roll of toilet paper:

Several press reports are recounting how the Web sites of high profile security experts and researchers, including Dan Kaminsky , Jay Beale and Kevin Mitnick were compromised. The victims believe the attack was made possible by a vulnerability in WordPress, a popular blogging platform.

Dan Kaminsky, apparently also in no hurry to comply with one of the fundamental rules of compliance IB do not keep important things in public places »:

While the Mitnick attack revealed information of little value, hackers hit the mother lode with Kaminsky. Included in the posted files were documentation on vulnerability research, a proof of concept exploit for a known DNS vulnerability, passwords and back-doors to his Web site and, sadly, intimate instant message conversations.

What does it say when a noteable security expert makes a simple mistakes like putting all the crown jewels on a public-facing Web server? It tells us that even the best of security practitioners need a second look at their designs and work.

The address sucuri.net/mirror/zf05.txt, available at the time of publication, you can read «screenplay» breakups.
Views: 511 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: