Do you have security related news? Please e-mail it to news@rootshell.com.
COMDEX Website Defaced
2/19/98 9:41PM PDT |
The website for the popular computer convention Comdex was defaced by a
group called "E-pRoM" this evening. A quick check shows that they are
running the web server "Oracle_Web_listener2.1/1.20in2". No other details
are available at this time.
rootshell.com - archive of defaced site.
comdex.com - Official Website
Origin of "Hackers Emergency Response Team" Challenged
2/19/99 3:48PM PDT |
The members of HERT Emergency Response Team have issued a statement that
they have been using the name "HERT" long before the French "Hackers
Emergency Response Team" did.
rootshell.com - Official statement from HERT Emergency Response Team
id Software Website Defaced
2/16/99 8:15AM PDT |
The main id Software page (makers of Doom, Quake, etc.) has been defaced
with a "FREE KEVIN NOW" page from 2600. At this time it appears id Software
has taken no action. While we at Rootshell do not highlight every web site
that is broken into, we do feel that these serve as a reminder that high
profile web sites are attacked very frequently.
rootshell.com - archive of defaced site. (Note: The page redirects to mindex.html. I repeat, Rootshell has NOT been hacked.)
rootshell.com - actual bug in Website Pro for NT that was used to break into their site.
idsoftware.com - defaced web site.
FTP Daemons Vulnerable
2/9/99 11:43AM PDT |
Netect, Inc. issued an advisory today stating that Wuarchive ftpd
(2.4.2-academ[BETA-18]) and ProFTPD (1.2.0pre1) contain remotely exploitable
buffer overflows allowing root access.
rootshell.com - Local copy of advisory
Updates Coming Soon
2/8/99 4:17PM PDT |
More updates to the exploits section are coming soon. We are way behind and
attempting to catch up. The "are you really alive?" e-mails can stop.
Chinese crackers sentenced to death
12/29/98 2:44PM PDT |
Two crackers who stole $31,400 from a bank in eastern China have been
sentenced to DEATH.
news.com - Chinese hackers sentenced to death
cnn.com - China sentences hackers to death for bank theft
slashdot.org - China Sentences Crackers To Death
Smurf Amplifier List Released
12/29/98 2:27PM PDT |
The folks at netscan.org today released a list of the 1024 most egregious
offenders who have their networks misconfigured to allow them to be used as
a smurf amplifier.
netscan.org - Press Release
netscan.org - the list
rootshell.com - papasmurf.c (Smurf source code)
powertech.no - Smurf Amplifier Registry
Rootshell is Alive
12/1/98 11:24AM PDT |
Rootshell is alive. We've been busy and the updates haven't been as
frequent as they normally are. We should be back to normal soon.
In the meantime check out the new exploits added to the December section.
SSH Admits Buffer Overflow in 1.2.26 client
11/5/98 8:44AM PDT |
This morning SSH Communications Security LTD. released information about a
buffer overflow in its ssh 1.2.26 client kerberos code. This came as quite
a surprise after SSH was very bullish about there being no buffer overflows
in their code. While it is VERY hard to exploit and only works under
certain conditions, it is still a valid security hole. PLEASE REMEMBER,
ROOTSHELL HAS NEVER STATED THAT THE BREAK-IN WE HAD WAS FROM A SECURITY HOLE
IN SSH. Anyone who believes otherwise has read too far into what we have
said.
rootshell.com - Official statement from SSH
Rootshell Defaced
10/28/98 8:44AM PDT |
On Wed Oct 28th at 5:12AM PST the main Rootshell page was defaced by a group
of crackers. Rootshell was first informed of this incident at 6:00 AM PST and the site
was immediately brought offline. The site was back up and operational by
8:00AM PST.
We are still in the process of investigating the exact methods that were
used. The paranoid MAY want to disable ssh 1.2.26. Rootshell runs Linux
2.0.35, ssh 1.2.26, qmail 1.03, Apache 1.3.3 and nothing else. The
attackers used further filesystem corruption to make it harder to remove the
damaged HTML files.
More information about SSH may be found at
http://www.ssh.fi/sshprotocols2/index.html
rootshell.com - Archive of defaced site.
rootshell.com - Security bulletin #25
OpenSite Web Auctions truly open
9/24/98 8:22AM PDT |
OpenSite Technologies, Inc. has a product allowing sites to offer Web Auctions. Apparently
most sites using this software have it misconfigured, and anyone browsing
their site has access to users' credit cards and personal information. If
you are a user of this software, please contact OpenSite for information on
securing your website.
news.com - Auctions close major security hole
Rootshell t-shirts coming soon!
9/22/98 11:28AM PDT |
Rootshell t-shirts are coming soon! To help us anticipate demand, if you
think you might be interested in purchasing a t-shirt, please click on this
link. It is looking like t-shirts will be priced somewhere around $15-$18
US. If you have any design ideas, submit them to tshirt@rootshell.com.
Swedish political site hacked
9/20/98 11:16AM PDT |
In news that is becoming all too common, just hours before election voting
began the web site of Sweden's main opposition party was defaced by
crackers.
news.com - Swedish political site hacked
Lesbian group latest target of crackers
9/16/98 8:21AM PDT |
The lesbian group Women Online has had their web site http://www.lesbian.org/ defaced as they
are the latest victim of malicious crackers. The group Lumberjacks is
claiming responsibility for this latest example of people looking for
attention from their peers.
rootshell.com - Archive of hacked site.
Mexican Crackers Strike Again
9/16/98 7:54AM PDT |
A group of Mexican crackers has attacked the Mexican government again by
defacing the web site http://www.sanpedro.gob.mx. The group
X-Ploit encourages its brothers to join them in their fight against the
corrupt Mexican government.
rootshell.com - e-mail sent to Rootshell by X-ploit
rootshell.com - Archive of hacked site
Hacker Accused of Using U S West
9/15/98 2:40PM PDT |
Apparently a contract computer consultant for U S West diverted CPU from
2,585 computers on their internal network to help him on his quest to find a
new prime number.
washingtonpost.com - Hacker Accused of Using U S West
ap.org (Associated Press)
Kansas City Online (KC.NET) Hacked
9/15/98 9:26AM PDT |
The website provider KC.NET has been hacked by a group called "Havok". A
person by the name of OseK is taking credit for the hack, although there
appear to be several people who go by this handle. We have no proof that
the person who broke into the KC.NET network actually goes by the name OseK,
however the hacked sites do have this handle all over them. After speaking
with KC.NET we have learned that the crackers made use of a bug in IRIX's
"at" command that has no patch at this time. They have been forced to block
all outside access to shell accounts in an attempt to block future attacks.
rootshell.com - Archive of hacked KC.NET sites.
Slashdot Hacked
9/14/98 5:47PM PDT |
The popular news site slashdot.org was
hacked today, leaving the site down for several hours. Slashdot is now back
online but has yet to determine the cause of the break-in. This is another
example of a rash of website break-ins all over the net.
rootshell.com - Archive of hacked site.
slashdot.org - Slashdot Gets Hacked
New York Times Website Hacked
9/14/98 10:54AM PDT |
A group called "HFG" hacked the Times web site on Sunday forcing them to go
offline for more than 9 hours while they secured their network. The hacked site
even mocked Rootshell. Don't we feel special.
nytimes.com - Hacker Group Commandeers Times Web Site
2600.com - Hacked
antionline.com - NyTimes Hacked
news.com - Hacking closes N.Y. Times site
cnn.com - N.Y. Times Web page back online after hacker attack
wired.com - All the News That's Fit to Hack
msnbc.com - N.Y. Times site hacked
techweb.com - Hackers Force Times To Hold The Front Page
zdnet.com - NY Times site disabled by vengeful hackers
Hackers and Crackers Go Mainstream
8/26/98 8:22AM PDT |
A nice review of Rootshell was done on the Techsightings page as it is
featured as a sighting of the day. We seem to be getting more press now
than ever.
techsightings.com - Review of Rootshell
Fake @microsoft.com e-mail spammed with trojan
8/10/98 11:12AM PDT |
A user calling himself "Bad Sector" has sent out a mass e-mail to users
containing a trojan called "Ie080898.exe". Rootshell has been working with
Wired News on the issue and reports of users from the US to Australia have
been coming in. Rootshell has confirmed that the trojan is not Back Orifice
and appears to be nothing more than a program that sends an e-mail bomb to
some users in Bulgaria (.bg TLD). As always, never run untrusted software.
More information will follow with the
release of the Wired article.
rootshell.com - Actual copy of the e-mail
Lotus Disputes Notes Bug
8/10/98 9:42AM PDT |
After L0pht released an advisory on Notes 4.6 one of our readers tipped us
off to the fact that they didn't believe it was an actual bug. (See
lotusnotes.txt on Rootshell). News organizations are now printing stories
where Lotus disputes L0pht's claims as well.
news.com - Lotus: Notes glitch is not a bug
Real Networks has released a fix for the bug Rootshell discovered back in
June that allows a would-be attacker to crash a remote user's player, causing
it to consume 100% of free CPU.
real.com - Download the latest Real Player
redhat.com - Updated RPMs for Redhat Linux users
Linux Security Audit Project off to a good start
8/6/98 9:38PM PDT |
The Linux Security Audit Project is off to a good start after already
identifying security holes in dosemu, ncurses, slang, termcap, metamail,
tin, bsd games and elm. If you are interested in getting involved read their
FAQ and get on their mailing list.
LSAP home page - Updated FAQ
NASA - Full mailing list archive.
WIPO Update - House Passes Digital Millennium Copyright Act
8/5/98 3:10PM PDT |
The new Digital Millennium Copyright Act which threatens to make sites like
Rootshell illegal was passed by the House on Tue May 4th, but not before
some changes were made.
Under the changes "Encryption Research" is now permitted. It is unclear at
this point what the full legal implications will be.
news.com - Congress clears copyright act
wired.com - Bill Sets Off Security Alarm
Mexican Crackers deface Finance Ministry's Web Site
8/5/98 3:05PM PDT |
A group of Mexican crackers appears to have declared electronic war on the
Mexican state.
news.com - Mexican hackers speak out
Under pressure from its users, Microsoft has released a statement about the release of Back Orifice,
downplaying it to the public and making false statements. See for yourself.
Official Microsoft Press Release
wired.com - Microsoft Discounts Threat
Old news...