‘Gnosis’ Explains The Method And Reasoning Behind Gawker Media Hack - ssclafani
http://www.mediaite.com/online/exclusive-gawker-hacker-gnosis-explains-method-and-reasoning-behind-his-actions/

======
vinhboy
Oh damn, I am dying to know how they did it. They talked about gawker having
outdated kernels. I can understand a compromised staff password, a SQL
injection, some other weak link in the chain. But a kernel exploit would be
crazy. For complete security we have to worry about our kernels too??

~~~
trotsky
Nine times out of ten with a targeted compromise like this the trail will lead
back to a successful spear phishing campaign. Blanket the staff with a
malicious pdf, an exclusive first look at a new popular executable, or an
older browser exploit. Once you've compromised a client machine (essentially
inevitable as long as you have a few dozen or more staff), use that to
discover CMS/FTP/SSH credentials, or impersonate the user to request new ones.
Once you have a user login on the server, as noted the old kernel reference
was undoubtedly connected to a privilege escalation.

Directly exploiting remote flaws in an OS on a major website is usually going
to be pretty hard - they focus security efforts there, and if there were any
existing flaws they'd likely already have been compromised by them (and since
fixed it).

------
gasull
Good article. But, if the article says right away that Gnosis has nothing to
do with Anonymous, what is the Anonymous logo doing there? Why not the Gnosis
ASCII-banner logo?

Are journalists really that lame?

~~~
angrycoder
Tonight, on CNN, a security expert said that the attacks from Anonymous were
carried out by a botnet of billions of computers.

So, yeah.

------
kristaps
The release at <http://pastebin.com/9rRmf6W5> contains this gem:

> Gawker uses a really outdated hashing algorithm known as DES (Data
> Encryption Standard). Because DES has a maximum of 8 chars, using a password
> like "abcdefgh1234" only the first 8 characters "abcdefgh" are encrypted and
> stored in the database.

That doesn't make me think the hacks were very sophisticated.
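The quoted point (classic DES crypt(3) only ever sees the first 8 characters of a password) is the kind of thing a defender wants to audit for. The following is an added example, not code from the post or from Gawker: it classifies stored hashes by format so legacy DES-crypt entries can be found and scheduled for re-hashing, and re-hashes with scrypt, which uses the whole password. The user table is constructed sample data, the 13-character "DES" string is made up (not a real hash of anything), and the `$scrypt$` string layout is this example's own convention.

```python
import hashlib
import re

# Constructed sample user table (username, stored hash). The DES-crypt entry is a
# made-up 13-character string in the crypt(3) output alphabet, not a real hash.
SAMPLE_USERS = [
    ("alice", "abJnggxhB/yWI"),
    ("bob",   "$6$rounds=5000$saltsalt$" + "x" * 86),
    ("carol", "$2b$12$" + "y" * 53),
    ("dave",  "$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$" + "z" * 43),
]

# Classic crypt(3) DES: 2-char salt + 11-char output, no "$id$" prefix, and the
# input password is silently truncated to 8 characters.
_DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_hash(stored: str) -> str:
    """Label the hash format of one stored password hash by its prefix/shape."""
    if _DES_CRYPT.match(stored):
        return "des-crypt"
    if stored.startswith("$1$"):
        return "md5-crypt"
    if stored.startswith("$5$"):
        return "sha256-crypt"
    if stored.startswith("$6$"):
        return "sha512-crypt"
    if stored.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if stored.startswith("$argon2"):
        return "argon2"
    if stored.startswith("$scrypt$"):      # this example's own format, see scrypt_hash()
        return "scrypt"
    return "unknown"


def legacy_accounts(users):
    """Usernames whose hash is DES crypt, i.e. whose password was truncated to 8 chars."""
    return [name for name, h in users if classify_hash(h) == "des-crypt"]


def scrypt_hash(password: str, salt: bytes) -> str:
    """Hash the whole password with scrypt (stdlib); output layout is an assumption of this example."""
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return "$scrypt$" + salt.hex() + "$" + dk.hex()


def hashes_collide(a: str, b: str, salt: bytes) -> bool:
    """True if two passwords give the same scrypt_hash under one salt (only when a == b)."""
    return scrypt_hash(a, salt) == scrypt_hash(b, salt)


def des_crypt_truncates(a: str, b: str):
    """Show the 8-char truncation with the real crypt(3) DES where available.

    Returns True if DES crypt yields identical hashes for a and b, or None when the
    'crypt' module is missing (deprecated in Python 3.11, removed in 3.13).
    """
    try:
        import crypt  # noqa: deprecated stdlib module
    except ImportError:
        return None
    return crypt.crypt(a, "ab") == crypt.crypt(b, "ab")


if __name__ == "__main__":
    print("accounts needing re-hash:", legacy_accounts(SAMPLE_USERS))
    salt = b"\x00" * 16   # fixed salt only so the demo is repeatable; use os.urandom(16) in practice
    print("scrypt collides on abcdefgh1234 / abcdefgh9999:",
          hashes_collide("abcdefgh1234", "abcdefgh9999", salt))
    print("DES crypt collides on the same pair:",
          des_crypt_truncates("abcdefgh1234", "abcdefgh9999"))
```

Run as a script it lists `alice` as the only account still on DES crypt and shows that scrypt keeps the two 12-character passwords distinct; on an interpreter that still ships `crypt`, the last line prints `True`, reproducing the truncation the release describes. The re-hash itself has to happen at next login, since the original password is not recoverable from the stored hash.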

------
olalonde
> Of these users one is registered under a .gov email address, 3 are from a
> .mil address and 52 are from .edu addresses.

Hope they were just throw away accounts.

~~~
kissickas
Now I wish I had my password as "password," as a matter of fact, because now I
have to go do some password changing (I know, my fault).

Also, I'm pretty sure they meant to write "qwerty," not "querty."