Jump to content

Who hacked Hak.5?


soulbleed
 Share

Recommended Posts

Security through obscurity....not reposting does nothing. A google search brings it up pretty much right away. I think people need to know its out there so they change them damn passwords!! EVERYONE's from the forum was posted in plain text, so I can't stress that enough that people need to change them here, and wherever else they may have used them.

Link to comment
Share on other sites

Thing is there is the anti-sec movement, and then those who claim they do it in name of anti-sec. Im not sure it makes a difference, as both seem to be at conflict with each other. The real people of the anti-sec movement and then those script kiddies the anti-sec people are against going in and defacing sites just under the movement of antisec adds this whole other level of irony, especially when its so called hackers attackign hackers.(or as they ati-sec people say, they were never hackers in the first place).

I think we are only seeing the tip of the iceburg and the sinking of the Titanic has yet to come.

Link to comment
Share on other sites

Am I the only one who isn't pissed off by this? Yes, they hacked hak5, who cares? If anything I would give them props for pulling off a few pretty nice hacks and they didn't cause anyone real damage. It's pretty ironic to me how everyone is condemning them for doing what we all enjoy doing, just hacking and exploring.

Link to comment
Share on other sites

Breaking into a server, yes, that is "just hacking and exploring". Defacing a site, this is kinda "just hacking and exploring" if you can push a good argument. But breaking into a server, defacing it and then opting to rm -rf / the entire server which also hosts 80+ sites in addition to the one your after... this is not "just hacking and exploring".

Link to comment
Share on other sites

Which server(s) did they rm? I thought they left the servers alone aside from the defacements.

Along with RM'ing the servers they posted all of the servers contents as well as everyones passwords, plus went as far as to basically insult the entire community here at hak5, not just the hosts. Basically, the owned the servers and then gave "full disclosure" of everything, including passwords, directory structure, then deleted everyones stuff. On top of attackign hak5, they went searching against the passwords of its users, like Mubix, who had his gmail and blog logged into by these people. Its only a matter of time before they hit others from the forums, and I for one am suprised more people from the forums have not had their stuff attacked yet. These aren't anti-sec or hackers in my mind as much as it was some asshat with script kiddy skills who knew of an exploit for a flaw in the web server. And who claims they did it? Its not like zf0 is a person, its a zine of public hacks, not the person who did it. I hope that there is at least a trail back to this person(s). People like that can't keep a secret, they brag about it to everyone, so its only a matter of time before the real person behind it gets ousted.

Link to comment
Share on other sites

I'm now using keepass with a random 20 character upper/lower/digit/extra spicy password for all my logins. I don't know why I didn't use it sooner.

Same, I'm using a firefox plugin to do the same. Used my firefox saved passwords to look up all the sites with the same or similar passwords, then changed it to random stuff.

Security 101 I know... but looks like even the best of us make mistakes.

Link to comment
Share on other sites

I feel sorry for the legitmate users sites that were hosted on the same server (were they rm'ed also matt?)

I now think that a dedicated server for hak5 is the way to go.

Hey, what do I know this password might be still sniffed....

edit

Oh yeah, not that it's worth a wank (brit speak) SSL might help!

I wonder how many other sites a username:password / email:password list is running on.

Link to comment
Share on other sites

Keepass is ok if you need it, but it would not have saved anyone in this scenario since they were basically sniffing them in realtime.

Link to comment
Share on other sites

Keepass is ok if you need it, but it would not have saved anyone in this scenario since they were basically sniffing them in realtime.

The passwords would have been compromised, but you would be assured that you aren't being foolish and using the same password in two places.

If the server gets rooted... its rooted, but at least we can do damage control on our other accounts so we don't get mubixed.

Not that they would have any interest in what I'm doing anyway.

Link to comment
Share on other sites

Keepass is ok if you need it, but it would not have saved anyone in this scenario since they were basically sniffing them in realtime.

That's what I don't get, One of my old passwords was in there. So how long where they sniffing?

I also think there is two versions, or at least some edited ones, When I used google cache to find the leetupload one because it was no longer there, my username wasn't in that one. I think it's safe to say if you have logged in in the last month, you pass is out there.

Link to comment
Share on other sites

I wonder if it really was prdelka or anyone from the whitehate crowd.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...