funsec mailing list archives

Re: Bill O'Reilly Website Hacked

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 19 Sep 2008 20:26:16 -0400

Will Mr. O'Reilly be notifying all of his subscribes of the breach?  He
might also want to point out that if someone has used the same password at
BillOReilly.com and their email account, then the bad guys can potentially
break into a lot of other Web site accounts.

Richard

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Paul Ferguson
Sent: Friday, September 19, 2008 8:11 PM
To: funsec () linuxbox org
Subject: [funsec] Bill O'Reilly Website Hacked

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via Wikileaks.org.

[snip]

Wikileaks has been informed the hack was a response to the pundit's recent
scurrilous attacks over the Sarah Palin's email story--including on
Wikileaks and other members of the press. Hacktivists, thumbing their noses
at the pundit, took control of O'Reilly's main site, BillOReilly.com.
According to our source, the security protecting O'Reilly's site and
subscribers was "non-existent".

[...] image[s], submitted to Wikileaks and confirmed by Wikileaks staff,
offers proof of the hack. The image, clearly obtained from BillOreilly.com's
administrative interface, shows a detailled list -- including passwords --
of BillOreilly.com subscribers. Although Wikileaks has only released one
page, it must be assumed that Bill O'Reilly's entire subscriber list is, as
of now, in the public domain.

[snip]

More:
http://wikileaks.org/wiki/Bill_O%27Reilly_hacked_2008

This could get interesting...

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI1D+Uq1pz9mNUZTMRAtiPAJ0Ub3Lby3CB7JLw07N4HS7olPAmSACfXihw
1zh5xk5dl/4FsVZcjYMBDLA=
=2fb5
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet  fergdawg(at)netzero.net  ferg's
tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Bill O'Reilly Website Hacked Paul Ferguson (Sep 19)
- Re: Bill O'Reilly Website Hacked Richard M. Smith (Sep 19)
- Re: Bill O'Reilly Website Hacked Chris Blask (Sep 19)
- <Possible follow-ups>
- Re: Bill O'Reilly Website Hacked Paul Ferguson (Sep 19)