Umm WTF Hak5

[sniper7kills]

So we all know that our passwords were compromised. But did you know that your password it publicly posted on the internet? And we were also told that the server was attacked..... But did you know that hak5 was the target?

http://r00tsecurity.org/files/th28gaa1g.txt

Just search hak5, The third one is the start of a nice bit of information.

Sorry if this is a repost, but I thought it needed to be brought up.

[Sparda]

Looks like every ones old password is at http://r00tsecurity.org/files/zf05.txt

Not sure what "Passwords reversed through local OpenSSL side channel attacks, or not... we don't want to start another whitehat freakout" means. I guess it's a joke since hak5.org never used SSL... unless it did in a respect that is not related to the forum... except all the passwords are for the forum. I guess it is a joke, as in trying to make the whitehats freak out.

[VaKo]

Looks like every ones old password is at http://r00tsecurity.org/files/zf05.txt

Not sure what "Passwords reversed through local OpenSSL side channel attacks, or not... we don't want to start another whitehat freakout" means. I guess it's a joke since hak5.org never used SSL... unless it did in a respect that is not related to the forum... except all the passwords are for the forum. I guess it is a joke, as in trying to make the whitehats freak out.

There is no SSL on hak5.org atm, so that bit is probally crap. IPB just seems to have weak salts.

[Sparda]

I thought it a bit interesting that there was no dump_passwords file in /home2/hak5/www/forums. Some thing is a bit of a miss there (obviously added in between the last ls and the command).

Even with weak salts, what are the chances of cracking kNgWva5D3JjbI2 (my old password)?

[Netshroud]

If you look at the passwords list, some of them have multiple entries with typos - I reckon they were capturing/logging/sniffing/etc the passwords for a while first.

[Sparda]

If you look at the passwords list, some of them have multiple entries with typos - I reckon they were capturing/logging/sniffing/etc the passwords for a while first.

Thats what I was wondering, hence the ssl joke I suppose.

[Deveant]

umm to crack that many passwords, with salt, specialy passwords like C5FuR7k-giWBBIwczi5f, its going to take years, also testing a few names against the member list, everyone logged in late july (~20th).

Passwords wernt cracked, IPB was comprimised, and captured the passwords, which kinda leads you to think, how do the mods know its currently not atm?

[digip]

They were logged in to the server and grabbing passwords in realtime from what I understand. They must have been monitoring it for much longer than people realize, because some people have stated that they hadn't used those passwords in a while and had already changed them before they announced the defacement and zine came out. You will notice the typos of some peoples paswords, and some people with multiple entries, so it seems fair to say, they had installed some sort of logger to grab them in real time, then they collected the data at a later time. Especially when there is no ssl, so any hint it was some side channel ssl attack smells like bullshit to me. I also think that whoever did this, had enough skill to compile the exploit, used it on one of the other sites hosted on the server in order to escalate their privledges to gain access to the entire machine, thus allowing them to do what they did. I don't believe it was a hak5 issue as much as the people who did it were able to get in through one of the other hosted accounts, or may have even been hosting with the server unbeknown to Matt, and used it as a way to compromise the server.

The flaw they used had been out since like May,

// milw0rm.com [2009-05-14]

http://www.milw0rm.com/exploits/8678 so they have probably been watching things long before the defacement took place.

[cabster21]

The most hilarious part (aside from mubix) was Darren, every episode

when interviewing the resident tech expert he says "I'll play the idiot here,

explain to me". De Niro better watch out, those acting skills are sharp.

[wh1t3 and n3rdy]

Hacking hak5 impresses me just as little as some kid hacking his school network trying to change his grades. Keep giving each other reach arounds over your leetness, dickheads.

[VaKo]

Ciri (someone else who hacked hak5's site) at least had some class when he got in.

[deleted]

Ciri (someone else who hacked hak5's site) at least had some class when he got in.

When was this? I dont remember that.

[digip]

Ciri (someone else who hacked hak5's site) at least had some class when he got in.

Don't remember that one, but would be nice to have some little history of hacks against hak5 in the wiki, purely academic and all of course.

[wh1t3 and n3rdy]

Back in the day

[digip]

Found it: http://hak5.org/forums/lofiversion/index.php?t5871.html

[wh1t3 and n3rdy]

Not too much class there imo.

[deleted]

Oh yes, I remember that one now.

[psydT0ne]

Well i know that this shit happens....its bound to...

I'm sure that once the hak5 team are aware of what happened and why.....we'll get a complete explaination.

Meanwhile...i like to use Steve Gibson's site for passwords.... https://www.grc.com/passwords.htm

[wh1t3 and n3rdy]

I think the explanation should be a little more forth coming. No doubt this event inspired the password security in the last episode. I'm not hating on them because they got hacked. The show makes them a target for others who want to big note themselves.

[psydT0ne]

Forthcoming?...yeah i'd have to agree with that, for sure. But i'd rather them fix the issue and fully understand what happened, why and make sure that it has a low probability of happening again.

I can certainly understand peoples eagerness to know WTF details, but we're fans not shareholders...i am positive that the hak5 crew feel as violated as we do.

[Brian Sierakowski]

Forthcoming?...yeah i'd have to agree with that, for sure. But i'd rather them fix the issue and fully understand what happened, why and make sure that it has a low probability of happening again.

I can certainly understand peoples eagerness to know WTF details, but we're fans not shareholders...i am positive that the hak5 crew feel as violated as we do.

I don't know that it's entirely for "WTF" reasons... we watch shows on executing the cold boot attack, cracking WiFi, etc, but this is a REAL security breach. You would think that out of anything that's happened, we could use this as a "learnable situation," discussing whats happened, how it was fixed, and how it can be prevented (if it can be prevented).

It sucks, for sure, but the damage is done (literally and figuratively,) the only thing that the group can control after the fact is how they handle the situation. I think at this point it's turning lemons into lemonade for the community.

[Mark Manching]

@sniper7kills and @Sparda

Oh S#it... it's official my username is now our their list. my previous passwords are stored on their database. and hak.5 and other non hak.5 site are attaking some buch of idiots. so i changed my passwords also

IMHO that some 1337 hax0rs want to steal their own personal infomation

[V`cent]

Gotta be a logger installed somewhere, since its almost half a year since last time i logged in to the forums, and my username is not on the list.. I love how they got some viagra sellers on the list too :D

[nicatronTg]

I don't want to draw any attention, but on that list someone's password is "chocolate", as well as "westside". I'm sure they've changed that by now, but doesn't that give you an idea of how crummy some people's passwords were/are?

[cykio]

I dunno I only use my password for this forum and no where else.

If someone does find it out not much that they can do with it except getting me banned off the forums for posting bad things..

I'm sure mods and admins have proper passwords