Comments on: SSAATY site compromised Sunday

By: Security Ripcord » Blog Archive » Cutaway at DefCon 16

Security Ripcord » Blog Archive » Cutaway at DefCon 16 — Thu, 14 Aug 2008 12:15:50 +0000

[...] generally happy, and very personable. It was a same to see that he was subject of a “blog compromise” and I hope all goes well for him. It was my first opportunity to meet Chris and [...]

By: Martin

Martin — Mon, 11 Aug 2008 21:45:22 +0000

I can’t give you any details: first, they’re not mine to give, second, there’s a good chance that this will be investigated by the authorities so I couldn’t even give you what little information I have.

Martin

By: bkay

bkay — Mon, 11 Aug 2008 21:41:23 +0000

What I’m wondering about, is how they compromised both accounts? Might give us some advice before the next guy becomes a victim.

By: Martin

Martin — Mon, 11 Aug 2008 19:54:33 +0000

Someone told me about that, but I was so wrapped up in Alan’s problems that I’d forgotten. I don’t know much about PPD, which was the other reason I forgot. The term that seems to keep coming up in reference to these guys is “asshats”

By: Tom

Tom — Mon, 11 Aug 2008 19:46:51 +0000

Looks like they are targeting many more then just Alan:

http://mokumvonamsterdam.blogspot.com/2008/08/pdps-older-mailbox-volumes-compromized.html

pdp from GNUCITIZEN was the first victim earlier in the week.

By: » A Flaw in NoScript Firefox Plugin!!!

» A Flaw in NoScript Firefox Plugin!!! — Mon, 11 Aug 2008 19:31:57 +0000

[...] seems obvious now that I see it, but I never thought about it until Alan’s blog got compromised. My advice would be to whitelist as little as possible and to use the temporary allow feature [...]

By: Martin

Martin — Mon, 11 Aug 2008 18:11:54 +0000

Brian – You had to go there, didn’t you. Don’t say you weren’t warned.

Armando – The feedburner badge has been fixed, at least it’s showing up properly on my site now. If it wasn’t in your RSS feeds, the initial attacks on the blog were more than gratuitous. The redirect of the DNS was just the latest attack on Alan personally.

Martin

By: Armando Romeo

Armando Romeo — Mon, 11 Aug 2008 18:02:15 +0000

Main problem is that the network badge has been compromised, image changed and the hackers have been quite merciful with the whole network in my opinion. Defacing all the sites in the network (showing the badge) was as easy as 1 js line.

Beside this, hack to Alan was disgusting and gratuitous.

By: Brian

Brian — Mon, 11 Aug 2008 17:57:56 +0000

I just had to check…and you’re right, I didn’t actually want to see that site.