More intrusions in the wake of the SourceForge.net incident

The same intruder who broke into SourceForge.net apparently also managed to get hold of several more passwords, including those for sites such as Themes.org, one of the victims so far, and, it is presumed, also for Apache.org and several other sites. The intrusion was achieved by planting a trojan at an ISP, through which the cracker gained full control of it and was able to intercept the SourceForge employee when accessing SourceForge.net. From there the intruder obtained the passwords for several more sites and published them as a trophy on the defaced Themes.org page itself. These events will not go unnoticed: given the current circumstances and some comments by the offender responsible, and with the war of words with Microsoft in recent days, the media and Microsoft will surely take advantage of this however they can. There is a very evident pattern of activity in all of this. The original text of the message left on Themes.org, minus the passwords, follows.

This is the original message:

----------------

The site's "shell server" was compromised May 22 after a SourceForge employee logged on to an outside Internet service provider that had already been taken over by the intruder, said Pat McGovern, site director of SourceForge.net. When the staff member logged on to SourceForge remotely, the intruder captured the password.

Well some of that is true, I mean I did trojan ssh but I did it about 5 months ago, so kudos to the admin you sir are awesome..

"What happened was the (ISP) was compromised and had not known it," McGovern said, adding that the site's administrator quickly noticed the intruder and shut systems down. "Basically we had to go through and rebuild the machine, and then we checked the log file of everyone who used the machine."

hrm I guess that could also be considered true, if by true you mean, finding out every box on your network is owned 5 months after the fact and only due to my own boredom that consisted of me ircing it in front of the admin, by the way good job of auditing your network, wait that's just too much sarcasm for one sentence..

After the attack, VA removed the shell service until workers could reinstall the software and data on the server. The shell server allowed SourceForge members to type commands into the system remotely. On Thursday, the company posted an alert that the shell server couldn't be used because of an "unscheduled maintenance event."

It also allowed me to sniff my way onto apache.org and sourceforge webserver and leave all sorts of goodies in the code..

"In this case, they only got into a shell server," McGovern said.

Hey, there's no disputing that, I mean.. wait.. What's this I'm defacing ?

The company also decided to shut down its "compile farm," a collection of computers running different operating systems on which SourceForge developers can test their software.

Why would they shut down other boxes, if only the shell server was hacked ?

Although illicit modifications to the programming projects are a concern, McGovern said the intruder didn't get that far.

oh come now, you're just being silly.. It's ok though I don't blame you guys, I mean at least you admitted to being schooled, that's more than I can say for akamai, but that's a different story altogether.. But nevertheless, I'd like to thank valinux.. apache.. akamai and of course exodus without their poor security and refusal to make security breaches known to the public I wouldn't be sitting atop a mountain of roots and oodles of proprietary software.. This is the fluffy bunny signing off.. beep..

-fluffy@#blackpanthers on efnet (the scourge of efnet)

Greets to: dianora.. tsk.. squrl.. cumstud.. glitch.. snow.. dwalrus.. cotton butt.. JAIL MITNICK! / FREE THE SHDWKNGHT!!!!!

-----------------

The passwords followed from this point on.


Alcance Libre
http://www.alcancelibre.org/article.php/20010530223125108