Do you have security related news? Please e-mail it to news@rootshell.com.

COMDEX Website Defaced
2/19/98 9:41PM PDT
The website for the popular computer convention Comdex was defaced by a group called "E-pRoM" this evening. A quick check shows that they are running the web server "Oracle_Web_listener2.1/1.20in2". No other details are available at this time.

  • rootshell.com - archive of defaced site.
  • comdex.com - Official Website
    Origin of "Hackers Emergency Response Team" Challenged
    2/19/99 3:48PM PDT
    The members of HERT Emergency Response Team have issued a statement that they have been using the name "HERT" long before the French "Hackers Emergency Response Team" did.
  • rootshell.com - Official statement from HERT Emergency Response Team
    id Software Website Defaced
    2/16/99 8:15AM PDT
    The main id Software page (makers of Doom, Quake, etc.) has been defaced with a "FREE KEVIN NOW" page from 2600. At this time it appears id Software has taken no action. While we at Rootshell do not highlight every web site that is broken into, we do feel that these serve as a reminder that high profile web sites are attacked very frequently.
  • rootshell.com - archive of defaced site. (Note: The page redirects to mindex.html. I repeat, Rootshell has NOT been hacked.)
  • rootshell.com - actual bug in Website Pro for NT that was used to break into their site.
  • idsoftware.com - defaced web site.
    FTP Daemons Vulnerable
    2/9/99 11:43AM PDT
    Netect, Inc. issued an advisory today stating that Wuarchive ftpd (2.4.2-academ[BETA-18]) and ProFTPD (1.2.0pre1) contain remotely exploitable buffer overflows allowing root access.
  • rootshell.com - Local copy of advisory
    Updates Coming Soon
    2/8/99 4:17PM PDT
    More updates to the exploits section are coming soon. We are way behind and attempting to catch up. The "are you really alive?" e-mails can stop.
    Chinese crackers sentenced to death
    12/29/98 2:44PM PDT
    Two crackers who stole $31,400 from a bank in eastern China have been sentenced to DEATH.
  • news.com - Chinese hackers sentenced to death
  • cnn.com - China sentences hackers to death for bank theft
  • slashdot.org - China Sentences Crackers To Death
    Smurf Amplifier List Released
    12/29/98 2:27PM PDT
    The folks at netscan.org today released a list of the 1024 most egregious offenders who have their networks misconfigured to allow them to be used as a smurf amplifier.
  • netscan.org - Press Release
  • netscan.org - the list
  • rootshell.com - papasmurf.c (Smurf source code)
  • powertech.no - Smurf Amplifier Registry
    Rootshell is Alive
    12/1/98 11:24AM PDT
    Rootshell is alive. We've been busy and the updates haven't been as frequent as they normally are. We should be back to normal soon. In the meantime check out the new exploits added to the December section.
    SSH Admits Buffer Overflow in 1.2.26 client
    11/5/98 8:44AM PDT
    This morning SSH Communications Security LTD. released information about a buffer overflow in its ssh 1.2.26 client kerberos code. This came as quite a surprise after SSH was very bullish about there being no buffer overflows in their code. While it is VERY hard to exploit and only works under certain conditions, it is still a valid security hole. PLEASE REMEMBER, ROOTSHELL HAS NEVER STATED THAT THE BREAK-IN WE HAD WAS FROM A SECURITY HOLE IN SSH. Anyone who believes otherwise has read too far into what we have said.
  • rootshell.com - Official statement from SSH
    Rootshell Defaced
    10/28/98 8:44AM PDT
    On Wed Oct 28th at 5:12AM PST the main Rootshell page was defaced by a group of crackers. Rootshell was first informed of this incident at 6:00 AM PST and the site was immediately brought offline. The site was back up and operational by 8:00AM PST.

    We are still in the process of investigating the exact methods that were used. The paranoid MAY want to disable ssh 1.2.26. Rootshell runs Linux 2.0.35, ssh 1.2.26, qmail 1.03, Apache 1.3.3 and nothing else. The attackers used further filesystem corruption to make it harder to remove the damaged HTML files.

    More information about SSH may be found at http://www.ssh.fi/sshprotocols2/index.html

  • rootshell.com - Archive of defaced site.
  • rootshell.com - Security bulletin #25
    OpenSite Web Auctions truly open
    9/24/98 8:22AM PDT
    OpenSite Technologies, Inc. has a product allowing sites to offer Web Auctions. Apparently most sites using this software have it misconfigured and anyone browsing their site has access to users' credit cards and personal information. If you are a user of this software please contact OpenSite for information on securing your website.
  • news.com - Auctions close major security hole
    Rootshell t-shirts coming soon!
    9/22/98 11:28AM PDT
    Rootshell t-shirts are coming soon! In order to anticipate demand if you think you might be interested in purchasing a t-shirt please click on this link. It is looking like t-shirts will be priced somewhere around $15-$18 US. If you have any design ideas submit them to tshirt@rootshell.com
    Swedish political site hacked
    9/20/98 11:16AM PDT
    In news that is becoming all too common, just hours before election voting began the web site of Sweden's main opposition party was defaced by crackers.
  • news.com - Swedish political site hacked
    Lesbian group latest target of crackers
    9/16/98 8:21AM PDT
    The lesbian group Women Online has had their web site http://www.lesbian.org/ defaced as they are the latest victim of malicious crackers. The group Lumberjacks is claiming responsibility for this latest example of people looking for attention from their peers.
  • rootshell.com - Archive of hacked site.
    Mexican Crackers Strike Again
    9/16/98 7:54AM PDT
    A group of Mexican crackers has attacked the Mexican government again by defacing the web site http://www.sanpedro.gob.mx. The group X-Ploit encourages its brothers to join them in their fight against the corrupt Mexican government.
  • rootshell.com - e-mail sent to Rootshell by X-ploit
  • rootshell.com - Archive of hacked site
    Hacker Accused of Using U S West
    9/15/98 2:40PM PDT
    Apparently a contract computer consultant for U S West diverted CPU from 2,585 computers on their internal network to help him on his quest to find a new prime number.
  • washingtonpost.com - Hacker Accused of Using U S West
  • ap.org (Associated Press)
    Kansas City Online (KC.NET) Hacked
    9/15/98 9:26AM PDT
    The website provider KC.NET has been hacked by a group called "Havok". A person by the name of OseK is taking credit for the hack, although there appear to be several people who go by this handle. We have no proof that the person who broke into the KC.NET network actually goes by the name OseK; however, the hacked sites do have this handle all over them. After speaking with KC.NET we have learned that the crackers made use of a bug in IRIX's "at" command that has no patch at this time. They have been forced to block all outside access to shell accounts in an attempt to block future attacks.
  • rootshell.com - Archive of hacked KC.NET sites.
    Slashdot Hacked
    9/14/98 5:47PM PDT
    The popular news site slashdot.org was hacked today, leaving the site down for several hours. Slashdot is now back online but has yet to determine the cause of the break-in. This is another example of a rash of website break-ins all over the net.
  • rootshell.com - Archive of hacked site.
  • slashdot.org - Slashdot Gets Hacked
    New York Times Website Hacked
    9/14/98 10:54AM PDT
    A group called "HFG" hacked the Times web site on Sunday forcing them to go offline for more than 9 hours while they secured their network. The hacked site even mocked Rootshell. Don't we feel special.
  • nytimes.com - Hacker Group Commandeers Times Web Site
  • 2600.com - Hacked
  • antionline.com - NyTimes Hacked
  • news.com - Hacking closes N.Y. Times site
  • cnn.com - N.Y. Times Web page back online after hacker attack
  • wired.com - All the News That's Fit to Hack
  • msnbc.com - N.Y. Times site hacked
  • techweb.com - Hackers Force Times To Hold The Front Page
  • zdnet.com - NY Times site disabled by vengeful hackers
    Hackers and Crackers Go Mainstream
    8/26/98 8:22AM PDT
    A nice review of Rootshell was done on the Techsightings page as it is featured as a sighting of the day. We seem to be getting more press now than ever.
  • techsightings.com - Review of Rootshell
    Fake @microsoft.com e-mail spammed with trojan
    8/10/98 11:12AM PDT
    A user calling himself "Bad Sector" has sent out a mass e-mail to users containing a trojan called "Ie080898.exe". Rootshell has been working with Wired news on the issue and reports of users from the US to Australia have been coming in. Rootshell has confirmed that the trojan is not Back Orifice and appears to be nothing more than a program that sends an e-mail bomb to some users in Bulgaria (.bg TLD). As always never run untrusted software. More information will follow with the release of the Wired article.
  • rootshell.com - Actual copy of the e-mail

    Lotus Disputes Notes Bug
    8/10/98 9:42AM PDT
    After L0pht released an advisory on Notes 4.6 one of our readers tipped us off to the fact that they didn't believe it was an actual bug. (See lotusnotes.txt on Rootshell). News organizations are now printing stories where Lotus disputes L0pht's claims as well.

  • news.com - Lotus: Notes glitch is not a bug

    Real Networks posts fix to UDP bug
    8/6/98 9:44PM PDT
    Real Networks has released a fix for the bug Rootshell discovered back in June that allows a would-be attacker to crash a remote user's player, causing it to consume 100% of free CPU.

  • real.com - Download the latest Real Player
  • redhat.com - Updated RPMs for Redhat Linux users

    Linux Security Audit Project off to a good start
    8/6/98 9:38PM PDT
    The Linux Security Audit Project is off to a good start after already identifying security holes in dosemu, ncurses, slang, termcap, metamail, tin, bsd games and elm. If you are interested in getting involved read their FAQ and get on their mailing list.

  • LSAP home page - Updated FAQ
  • NASA - Full mailing list archive.

    WIPO Update - House Passes Digital Millennium Copyright Act
    8/5/98 3:10PM PDT
    The new Digital Millennium Copyright Act which threatens to make sites like Rootshell illegal was passed by the House on Tue May 4th, but not before some changes were made. Under the changes "Encryption Research" is now permitted. It is unclear at this point what the full legal implications will be.

  • news.com - Congress clears copyright act
  • wired.com - Bill Sets Off Security Alarm

    Mexican Crackers deface Finance Ministry's Web Site
    8/5/98 3:05PM PDT
    A group of Mexican crackers appears to have declared electronic war on the Mexican state.

  • news.com - Mexican hackers speak out

    Microsoft responds to Back Orifice
    8/5/98 2:43PM PDT
    Under pressure from its users Microsoft has released a statement about the release of Back Orifice downplaying it to the public and making false statements. See for yourself.

  • Official Microsoft Press Release
  • wired.com - Microsoft Discounts Threat

    Old news...

By using this site you agree you will use the information on this site for lawful purposes only and will not use this information to gain unauthorized access. Information on this site is for educational purposes ONLY. If you do not agree with this, please leave now.