VaKo Posted July 22, 2009
On July 20th, 2009 the server hosting Hak5.org and the Hak5 forums was hacked into and defaced via an exploit on an unrelated system. During this time the forum database was accessed and as such, passwords (which are linked to your email address) used for forum accounts have been compromised. Please log in to http://www.hak5.org/forums/ and change your password; if you used this password elsewhere you will need to change these passwords ASAP. We apologize for this inconvenience.

KeelBug Posted July 22, 2009
:( Hate when this happens, happened a couple of times on my web host.

Seshan Posted July 22, 2009
Good thing I use a different password for each site. :) But that sucks :(

VaKo Posted July 22, 2009 (Author)
I should be clear here: for most of you it's unlikely that your password information has been stolen, but we know some accounts were definitely hacked. But we cannot be sure about this, so in the interests of your safety we've taken the option to face the music and tell you.

Iain Posted July 22, 2009
> ... interests of your safety we've taken the option to face the music and tell you.
Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in, but I assumed that it was down for maintenance.

VaKo Posted July 22, 2009 (Author)
If you have a zero post count then your account can be deleted; if you have posted on the forums your account will not be deleted. Handle this by PM.

brainfreeze Posted July 22, 2009
> If you have a zero post count then your account can be deleted; if you have posted on the forums your account will not be deleted. Handle this by PM.
lol, nice.

VaKo Posted July 22, 2009 (Author)
> Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in, but I assumed that it was down for maintenance.
Yes, while the risk to most of you is minimal, the responsible thing to do is tell you no matter what.

cykio Posted July 22, 2009
Yeah, thought the forums were down for maintenance, nice to be properly informed though. Lucky to have started using different passwords for different websites since joining Hak5 ... I wonder why :P

RogueHart Posted July 22, 2009
I've been here for a while and this is like the 7th time the security for the forum was compromised lol. Kinda funny :P I sorta just leave this password each time 'cause this account hasn't been taken and I don't use the pass anywhere else (besides my Yahoo and Twitter account, oh, and I forgot my blog).
Edit: touché, problem is I abandoned all of those accounts long before they were accessed. So I reiterate: I don't use the pass anywhere else.

VaKo Posted July 22, 2009 (Author)
3rd time. Couple of times on SMF, and this time was a problem with the security of the webhost, not with our systems. No one should ever re-use passwords, especially not one that you use on a site about hacking. People like to prove a point, so we're a target.

nitro2k01 Posted July 22, 2009
> more importantly if you used this password elsewhere you will need to change these passwords ASAP.
Is this bad wording, or do you really store passwords unencrypted in the database? Hashed with an individual salt for each password is where it's at these days.

VaKo Posted July 22, 2009 (Author)
> Is this bad wording, or do you really store passwords unencrypted in the database? Hashed with an individual salt for each password is where it's at these days.
The passwords are hashed and salted, but since the attacker gained root access to the shared host we have to assume that everything on it can no longer be trusted.

Jason Cooper Posted July 22, 2009
> Is this bad wording, or do you really store passwords unencrypted in the database? Hashed with an individual salt for each password is where it's at these days.
Given that they have all the hashes, the chances that they will break a few of the passwords, even though they have a salt, are quite high. Better to change your password rather than run the risk that yours isn't broken. More importantly though, it sounds like they owned the whole machine for a time. They could have been logging all the traffic, and they will have the SSL keys for the server, which they can use to decrypt all the https entries they have logged for the site, which will contain a lot of passwords being sent in plaintext. It is a theoretical attack but can't be ruled out, so assume they have the password you used on this site.

Sparda Posted July 22, 2009
I would recommend people use tools such as: http://wijjo.com/Category/Passwordhasher
It allows you to (effectively) use the same password for each site without actually using the same password.

Brian Sierakowski Posted July 22, 2009
> I would recommend people use tools such as: http://wijjo.com/Category/Passwordhasher
> It allows you to (effectively) use the same password for each site without actually using the same password.
There is a similar Firefox addon which I use called PasswordMaker, same idea I'm sure.
-B
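As an added example (not code from the posters, Password Hasher or PasswordMaker), here is a deterministic per-site password scheme in the spirit of the tools recommended above, together with the reuse check the thread asks readers to make. The HMAC-SHA256 construction, the master secret and the sample sites are assumptions for illustration, not either tool's actual algorithm.

```python
import base64
import hashlib
import hmac

# Added example, not Password Hasher's or PasswordMaker's code: a per-site
# password scheme in the spirit of those tools. HMAC-SHA256 keyed with the
# master secret over the site name is an assumed construction for illustration.


def derive_site_password(master: str, site: str, length: int = 16) -> str:
    """Derive a per-site password from one master secret and the site name.

    HMAC is keyed and one-way, so a password leaked from one site reveals
    neither the master secret nor the passwords derived for other sites.
    """
    if not 8 <= length <= 43:
        raise ValueError("length must be between 8 and 43")
    site_key = site.strip().lower()  # hak5.org and HAK5.org are the same site
    digest = hmac.new(master.encode(), site_key.encode(), hashlib.sha256).digest()
    # URL-safe base64 of 32 bytes is 43 characters plus one '=' of padding.
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")[:length]


def sites_sharing(passwords: dict, breached_site: str) -> list:
    """Return the other sites whose password equals the one used at breached_site.

    When one site is breached, every other account sharing its password
    needs changing too; this lists them.
    """
    leaked = passwords[breached_site]
    return sorted(s for s, p in passwords.items() if s != breached_site and p == leaked)


# Constructed sample data: the same three accounts, first with one reused
# password, then with passwords derived from a single (assumed) master secret.
SITES = ["hak5.org", "twitter.com", "mail.example"]
REUSED = {site: "hunter2" for site in SITES}
DERIVED = {site: derive_site_password("correct horse battery", site) for site in SITES}

if __name__ == "__main__":
    print("reused passwords, hak5.org breached  ->", sites_sharing(REUSED, "hak5.org"))
    print("derived passwords, hak5.org breached ->", sites_sharing(DERIVED, "hak5.org"))
    for site, pw in DERIVED.items():
        print(f"{site:14} {pw}")
```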
digininja Posted July 22, 2009
Whenever a box is owned you have to assume your own account on it is also owned, regardless of how small your part on that box is. If you did reuse a password, change it on the other systems and check for anything odd happening on them. Like VaKo says, it is unlikely any normal users were targeted, but better be safe than sorry.

ratmandall Posted July 22, 2009
Fucking hell, I trusted this forum =_= How do I know my password wasn't sniffed just as I logged in? What have the admins done to make sure everything is safe, so far?

Vivek Ramachandran Posted July 22, 2009
> On July 20th, 2009 the server hosting Hak5.org and the Hak5 forums was hacked into and defaced via an exploit on an unrelated system.
Just curious, what was the exploit? And what do you mean by unrelated system? Was another website hosted on the same box, which got compromised?

VaKo Posted July 22, 2009 (Author)
Part of a billing system used by the host was compromised, leading to 85 hosting accounts being defaced and rm'd, thus having to be restored from backups. While the attack was directed at Hak5, the only way in was through the host and not Hak5 directly.

Guest Ryan_R Posted July 22, 2009
> lol, nice.
Hehehe, that's pretty funny. I did check the 'My Controls' pages for any account deletion button but couldn't find any, hence the post. I don't know who to PM, and I can't remember why I joined in the first place. Don't know who to PM, but I'm sure this serves the same purpose.

digininja Posted July 22, 2009
> How do I know my password wasn't sniffed just as I logged in? What have the admins done to make sure everything is safe, so far?
You don't, in the same way as you don't know what really happens to your details when you log into any site; you just have to trust that all is well. That trust is based on a judgement call about the site owners, where it is hosted and anything else you know about it. I've built websites for some very large organisations and know exactly where to drop sniffers to capture data that is protected as it goes around the rest of the system. I would never do it, but that isn't to say someone else hasn't. I trust the Hak5 site so I'm happy using it; there are no details on this site that I don't mind being public anyway, so I'm not panicking. From what I know from behind the scenes, quite a bit of hardening has gone on to try to protect the box from future attacks, but as there are 0-days created all the time you can only do so much and just keep your fingers crossed for the rest.