funsec mailing list archives
Re: BSDNews.com is hacked and user information is exposed
From: "Jim O'Gorman" <jameso () elwood net>
Date: Fri, 25 Apr 2008 16:55:19 -0500
Yeah, the site that originally had the usernames/passwords posted seems to be down (for me at least) right now. Other site is has closed public access to the forums, but the google cache is still up. More at http://www.elwood.net/post/32863299. Myself, I am just sorry I waited a week to make it public. I thought the BSDnews people would be more on the ball then they turned out to be. Notice finally came out today after Evan posted the news and other sites picked up on it. I still don't understand why they were keeping plaintext passwords for all their users. -- Jim O'Gorman jameso () elwood net http://www.elwood.net On Fri, Apr 25, 2008 at 4:32 PM, Paul Ferguson <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FYI. [snip] Breach Description: It appears that the BSDNews.com web site may have been compromised through an exploit of a file named "bottom.php3", which was used by the site. The attacker was able to access and download user account information. As of the time of this writing, BSDNews.com is offline. [snip] More: http://breachblog.com/2008/04/25/bsdnews.aspx - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIEk34q1pz9mNUZTMRAtiOAKC87i4swNDK6pZz7oqcM86A9QIEugCfQGGc fP6nWpdmonXHXqGuYL42RGo= =gzQK -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- BSDNews.com is hacked and user information is exposed Paul Ferguson (Apr 25)
- Re: BSDNews.com is hacked and user information is exposed Jim O'Gorman (Apr 25)
- Re: BSDNews.com is hacked and user information is exposed Jim O'Gorman (Apr 25)
- Re: BSDNews.com is hacked and user information is exposed Jim O'Gorman (Apr 28)