The server hosting Hak5.org and the Hak5 forums was hacked.

Posted

On July 20th, 2009 the server hosting Hak5.org and the Hak5 forums was hacked into and defaced via an exploit on an unrelated system. During this time the forum database was accessed and as such, passwords (which are linked to your email address) used for forum accounts have been compromised. Please log in to http://www.hak5.org/forums/ and change your password; if you used this password elsewhere you will need to change those passwords ASAP. We apologize for this inconvenience.

Posted

I should be clear here: for most of you it's unlikely that your password information has been stolen, but we know some accounts were definitely hacked. We cannot be sure about this, so in the interests of your safety we've taken the option to face the music and tell you.

Posted
... interests of your safety we've taken the option to face the music and tell you.

Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in but I assumed that it was down for maintenance.

Posted

If you have a zero post count then your account can be deleted; if you have posted on the forums your account will not be deleted. Handle this by PM.

Posted
Isn't informing us the responsible thing to do? I realised that there was a problem when I tried to log in but I assumed that it was down for maintenance.

Yes, while the risk to most of you is minimal, the responsible thing to do is tell you no matter what.

Posted

Yeah, thought the forums were down for maintenance, nice to be properly informed though.

Lucky to have started using different passwords for different websites since joining Hak5 ... I wonder why :P

Posted

I've been here for a while and this is like the 7th time the security for the forum was compromised lol. Kinda funny :P I sort of just leave this password each time because this account hasn't been taken and I don't use the pass anywhere else (besides my Yahoo and Twitter account, oh and I forgot my blog).

edit:

Touché, problem is I abandoned all of those accounts long before they were accessed. So I reiterate: I don't use the pass anywhere else.

Posted

3rd time. A couple of times on SMF, and this time it was a problem with the security of the webhost, not with our systems. No one should ever re-use passwords, especially not one that you use on a site about hacking. People like to prove a point, so we're a target.

Posted
more importantly if you used this password elsewhere you will need to change these passwords ASAP.
Is this a bad wording or do you really store passwords unencrypted in the database?

Hashed with individual salt for each password is where it's at these days.

Posted
Is this a bad wording or do you really store passwords unencrypted in the database?

Hashed with individual salt for each password is where it's at these days.

The passwords are hashed and salted, but since the attacker gained root access to the shared host we have to assume that everything on it can no longer be trusted.

Posted
Is this a bad wording or do you really store passwords unencrypted in the database?

Hashed with individual salt for each password is where it's at these days.

Given that they have all the hashes, the chances that they will break a few of the passwords, even though they have a salt, are quite high. Better to change your password rather than run the risk that yours isn't broken.

More importantly, though, it sounds like they owned the whole machine for a time. They could have been logging all the traffic, and they will have the SSL keys for the server, which they can use to decrypt all the https entries they have logged for the site, which will contain a lot of passwords being sent in plaintext. It is a theoretical attack but can't be ruled out, so assume they have the password you used on this site.
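The "hashed with individual salt" advice a few posts up and the "they have all the hashes" point in the post above come down to the same mechanism, so here is one worked illustration of it. This is an added example written for this thread, not code from the Hak5 forums or from the forum software they run: it assumes PBKDF2-HMAC-SHA256 from Python's standard library, a 16-byte random per-user salt and a constructed iteration count, and sets it beside an unsalted fast digest to show what a per-user salt actually buys once a database dump leaks.

```python
# Added example (not the Hak5 forums' own code): per-user salted password
# hashing with a deliberately slow KDF, contrasted with a fast unsalted digest.
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters: PBKDF2-HMAC-SHA256, 16-byte random salt, 200k iterations.
# The iteration count is a constructed value; tune it to the server's CPU budget.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return a storable record: a fresh random salt for this user plus the slow hash.

    The salt is not secret; it only has to be unique per user so that identical
    passwords do not produce identical stored values.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {
        "algo": "pbkdf2_sha256",
        "iterations": PBKDF2_ITERATIONS,
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def unsalted_md5(password: str) -> str:
    """The weak scheme, for contrast: fast, and identical for every user who
    chose the same password, so one precomputed table covers the whole dump."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def same_password_records_differ(password: str) -> bool:
    """Two users who chose the same password get unrelated stored hashes,
    which is the property that forces an attacker to work per account."""
    first = hash_password(password)
    second = hash_password(password)
    return first["salt"] != second["salt"] and first["hash"] != second["hash"]


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("verify correct:", verify_password("correct horse battery staple", record))
    print("verify wrong:  ", verify_password("Correct horse battery staple", record))
    print("salted records differ for same password:", same_password_records_differ("hunter2"))
    print("unsalted md5 identical for same password:",
          unsalted_md5("hunter2") == unsalted_md5("hunter2"))
```

Note that the slow, salted scheme does not rescue a weak password: a short dictionary word still falls to per-account guessing, which is exactly why the post above says to change it rather than rely on the hash. It also does nothing for the second point in that post; only a key exchange with forward secrecy protects recorded TLS sessions from a later server-key compromise.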

Posted

Whenever a box is owned you have to assume your own account on it is also owned regardless of how small your part on that box is.

If you did reuse a password, change it on the other systems and check for anything odd happening on them.

Like VaKo says, it is unlikely any normal users were targeted but better be safe than sorry.

Posted
On July 20th, 2009 the server hosting Hak5.org and the Hak5 forums was hacked into and defaced via an exploit on a unrelated system.

Just curious, what was the exploit? And what do you mean by unrelated system? Was another website hosted on the same box, which got compromised?

Posted

Part of a billing system used by the host was compromised, leading to 85 hosting accounts being defaced and rm'd, thus having to be restored from backups. While the attack was directed at hak5, the only way in was through the host and not Hak5 directly.

Guest Ryan_R
Posted
lol, nice.

Hehehe - that's pretty funny. I did check the 'My Controls' pages for any Account deletion button but couldn't find any, hence the post. I don't know who to PM, and I can't remember why I joined in the first place. Don't know who to PM but I'm sure this serves the same purpose.

Posted
How do I know my password wasn't sniffed just as I logged in? What have the admins done to make sure everything is safe, so far?

You don't, in the same way as you don't know what really happens to your details when you log into any site; you just have to trust that all is well. That trust is based on a judgement call about the site owners, where it is hosted and anything else you know about it. I've built websites for some very large organisations and know exactly where to drop sniffers to capture data that is protected as it goes around the rest of the system. I would never do it, but that isn't to say someone else hasn't.

I trust the Hak5 site so I'm happy using it; there are no details on this site that I don't mind being public anyway, so I'm not panicking.

From what I know from behind the scenes, quite a bit of hardening has gone on to try to protect the box from future attacks, but as there are 0-days created all the time you can only do so much and just keep your fingers crossed for the rest.
