Aug 11 2008

SSAATY site compromised Sunday

Published by at 6:38 am under Hacking

Update: It appears that Alan has regained control of his DNS. Hopefully more good news to follow.

Yesterday morning the Still Secure After All These Years website was compromised and defaced. The attackers compromised Alan Shimel’s blog, posted personal information to a mailing list and have basically made some very hateful attacks on Alan as a person. This has not been a joke; it’s been a targeted attack on one person and it’s being treated as a serious event.

Alan is in recovery mode and thanks to a number of contacts is in the process of recovering his blog, his DNS and other accounts that were also compromised. However, the DNS of his site was compromised for several hours and as of this writing the SSAATY DNS was still pointing to a site most of us would rather not visit and we do not know if the site hosts any malware. The DNS has been fixed, but as we all know, it can take days to propagate through the Internet.

I’ve talked to Alan; he will be responding, but I can’t say when. He’s talking to the appropriate authorities, which may delay his response significantly.


9 Responses to “SSAATY site compromised Sunday”

  1. Brian on 11 Aug 2008 at 9:57 am

    I just had to check…and you’re right, I didn’t actually want to see that site.

  2. Armando Romeo on 11 Aug 2008 at 10:02 am

    Main problem is that the network badge has been compromised, image changed and the hackers have been quite merciful with the whole network in my opinion. Defacing all the sites in the network (showing the badge) was as easy as 1 js line.

    Besides this, the hack on Alan was disgusting and gratuitous.

  3. Martin on 11 Aug 2008 at 10:11 am

    Brian – You had to go there, didn’t you. :-) Don’t say you weren’t warned.

    Armando – The feedburner badge has been fixed, at least it’s showing up properly on my site now. If it wasn’t in your RSS feeds, the initial attacks on the blog were more than gratuitous. The redirect of the DNS was just the latest attack on Alan personally.

    Martin

  4. » A Flaw in NoScript Firefox Plugin!!! on 11 Aug 2008 at 11:31 am

    […] seems obvious now that I see it, but I never thought about it until Alan’s blog got compromised.  My advice would be to whitelist as little as possible and to use the temporary allow feature […]

  5. Tom on 11 Aug 2008 at 11:46 am

    Looks like they are targeting many more than just Alan:

    http://mokumvonamsterdam.blogspot.com/2008/08/pdps-older-mailbox-volumes-compromized.html

    pdp from GNUCITIZEN was the first victim earlier in the week.

  6. Martin on 11 Aug 2008 at 11:54 am

    Someone told me about that, but I was so wrapped up in Alan’s problems that I’d forgotten. I don’t know much about PPD, which was the other reason I forgot. The term that seems to keep coming up in reference to these guys is “asshats”

  7. bkay on 11 Aug 2008 at 1:41 pm

    What I’m wondering about, is how they compromised both accounts? Might give us some advice before the next guy becomes a victim.

  8. Martin on 11 Aug 2008 at 1:45 pm

    I can’t give you any details: first, they’re not mine to give, second, there’s a good chance that this will be investigated by the authorities so I couldn’t even give you what little information I have.

    Martin

  9. […] generally happy, and very personable.  It was a shame to see that he was subject of a “blog compromise” and I hope all goes well for him.  It was my first opportunity to meet Chris and […]
