
The server hosting Hak5.org and the Hak5 forums was hacked.


VaKo


On July 20th, 2009 the server hosting Hak5.org and the Hak5 forums was hacked into and defaced via an exploit on an unrelated system. During this time the forum database was accessed and, as such, passwords (which are linked to your email address) used for forum accounts have been compromised. Please log in to http://www.hak5.org/forums/ and change your password; if you used this password elsewhere, you will need to change those passwords ASAP. We apologize for this inconvenience.


I should be clear here: for most of you it's unlikely that your password information has been stolen, but we know some accounts were definitely hacked. We cannot be sure about this, so in the interests of your safety we've taken the option to face the music and tell you.


... interests of your safety we've taken the option to face the music and tell you.

Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in but I assumed that it was down for maintenance.


Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in but I assumed that it was down for maintenance.

Yes, while the risk to most of you is minimal, the responsible thing to do is tell you no matter what.


Yeah, thought the forums were down for maintenance; nice to be properly informed though.

Lucky to have started using different passwords for different websites since joining Hak5 ... I wonder why :P


I've been here for a while and this is like the 7th time the security for the forum was compromised lol. Kinda funny :P I sorta just leave this password each time 'cause this account hasn't been taken and I don't use the pass anywhere else (besides my Yahoo and Twitter account, ohh and I forgot my blog).

edit:

Touché, problem is I abandoned all of those accounts long before they were accessed. So I reiterate: I don't use the pass anywhere else.


3rd time. Couple of times on SMF and this time was a problem with the security of the webhost, not with our systems. No one should ever re-use passwords, especially not one that you use on a site about hacking. People like to prove a point so we're a target.


more importantly if you used this password elsewhere you will need to change these passwords ASAP.
Is this a bad wording or do you really store passwords unencrypted in the database?

Hashed with individual salt for each password is where it's at these days.


Is this a bad wording or do you really store passwords unencrypted in the database?

Hashed with individual salt for each password is where it's at these days.

The passwords are hashed and salted, but since the attacker gained root access to the shared host we have to assume that everything on it can no longer be trusted.

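The posts above state two things a practitioner should take together: the forum passwords are hashed with an individual salt per password, and a root compromise of the host means nothing stored on it can be trusted any more. The following is an added example (not code from Hak5 or from anyone in this thread) of what that storage scheme looks like with only the Python standard library, and of the defender's response the thread implies: flag every credential so the next successful login must set a new password. The function names, record fields, iteration count and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# KDF parameters are constructed for this example; a real deployment tunes the
# iteration count to its own hardware budget.
KDF_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Derive a fixed-length key from the password using a per-user salt.

    PBKDF2-HMAC-SHA256 is used here only because it ships with the standard
    library; the point demonstrated is the unique salt plus a deliberately
    slow derivation, so a leaked table cannot be attacked with one shared
    precomputed dictionary.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(store: dict, username: str, password: str) -> None:
    """Store a fresh random salt and the derived hash, never the password itself."""
    salt = secrets.token_bytes(SALT_BYTES)
    store[username] = {
        "salt": salt,
        "hash": hash_password(password, salt),
        "iterations": KDF_ITERATIONS,
        "must_reset": False,
    }


def verify(store: dict, username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    record = store.get(username)
    if record is None:
        # Burn the same amount of work for unknown users so that account
        # existence is not revealed by response timing.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    candidate = hash_password(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def invalidate_all(store: dict) -> int:
    """After a host compromise, flag every credential for a mandatory reset.

    The old hashes still authenticate the user once, but only to reach the
    password-change step; they are no longer trusted as a standing credential.
    """
    for record in store.values():
        record["must_reset"] = True
    return len(store)


def login(store: dict, username: str, password: str) -> str:
    """Return 'ok', 'denied', or 'password-reset-required'."""
    if not verify(store, username, password):
        return "denied"
    if store[username]["must_reset"]:
        return "password-reset-required"
    return "ok"


def demo() -> dict:
    """Walk through registration, login, and a post-compromise reset (constructed users)."""
    users: dict = {}
    register(users, "alice", "correct horse battery staple")
    register(users, "bob", "correct horse battery staple")  # same password, different salt
    results = {
        "same_password_distinct_hashes": users["alice"]["hash"] != users["bob"]["hash"],
        "good_login": login(users, "alice", "correct horse battery staple"),
        "bad_login": login(users, "alice", "wrong password"),
        "unknown_user": login(users, "mallory", "anything"),
    }
    invalidate_all(users)  # the host was rooted: stop trusting every stored hash
    results["after_compromise"] = login(users, "alice", "correct horse battery staple")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two users who chose the same password end up with different stored hashes, which is what "individual salt for each password" buys. The salt does not make weak passwords uncrackable, which is why, once the database and the rest of the host are in an attacker's hands, the correct move is the one taken in this thread: assume the credentials are known and make everyone choose new ones.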

Is this a bad wording or do you really store passwords unencrypted in the database?

Hashed with individual salt for each password is where it's at these days.

Given that they have all the hashes, the chances that they will break a few of the passwords, even though they have a salt, are quite high. Better to change your password rather than run the risk that yours isn't broken.

More importantly though, it sounds like they owned the whole machine for a time. They could have been logging all the traffic and they will have the SSL keys for the server, which they can use to decrypt all the https entries they have logged for the site, which will contain a lot of passwords being sent in plaintext. It is a theoretical attack but can't be ruled out, so assume they have the password you used on this site.


Whenever a box is owned you have to assume your own account on it is also owned regardless of how small your part on that box is.

If you did reuse a password, change it on the other systems and check for anything odd happening on them.

Like VaKo says, it is unlikely any normal users were targeted but better be safe than sorry.


Part of a billing system used by the host was compromised, leading to 85 hosting accounts being defaced and rm'd, thus having to be restored from backups. While the attack was directed at hak5, the only way in was through the host and not Hak5 directly.


Guest Ryan_R
lol, nice.

Hehehe - that's pretty funny. I did check the 'My Controls' pages for any Account deletion button but couldn't find any, hence the post. I don't know who to PM, and I can't remember why I joined in the first place. Don't know who to PM but I'm sure this serves the same purpose.


How do I know my password wasn't sniffed just as I logged in? What have the admins done to make sure everything is safe, so far?

You don't, in the same way as you don't know what really happens to your details when you log into any site; you just have to trust that all is well. That trust is based on a judgement call about the site owners, where it is hosted and anything else you know about it. I've built websites for some very large organisations and know exactly where to drop sniffers to capture data that is protected as it goes around the rest of the system. I would never do it, but that isn't to say someone else hasn't.

I trust the Hak5 site so I'm happy using it; there are no details on this site that I don't mind being public anyway, so I'm not panicking.

From what I know from behind the scenes quite a bit of hardening has gone on to try to protect the box from future attacks but as there are 0-days created all the time you can only do so much and just keep your fingers crossed for the rest.
