

Multiple top-security sites hacked (zf05) - sucuri2
http://blog.sucuri.net/2009/07/multiple-top-security-sites-hacked-zf05.html

======
jacquesm
choice quote:

"You cannot outsource blame. You HAVE to take responsibility for your
mistakes, whether they are mistakes in your code, mistakes in code you are
using, mistakes by your host, or mistakes in who you trust. These are all
security choices. Learn to control this shit. Learn how to read code. A lot of
the time it only takes a very shallow audit to realise that the code is crap
and is bound to have bugs. In a smarter world, security professionals get paid
to stop people from getting owned. End of. There is no limit to the scope of
an audit."

------
bcl
Ouch. Looks like they rm -rf /* Mitnick's box. I'd like to know how they got
in. I see some logs of phpmyadmin directory traversal attempts so maybe that
and a weak system password?

------
GloryFish
cat zf05.txt | grep gloryfish

~~~
jacquesm
ptacek rates a mention

