

Imageshack.us being hacked? - lamnk

Example: http://img65.imageshack.us/img65/6351/iphoneua8.jpg

You can do a search for any keyword on imageshack and look at the results. A lot of pictures on imageshack are replaced with this image. As I see it, thumbnails are untouched, but all direct links point to the poster in the example.

Quite a fatal blow to imageshack with very bad (good?) timing ...
======
bcl
The anti-sec 'movement' is a front for those who want to keep their exploits
to themselves, trading them in secret and not contributing anything to
improving the security of software.

Full disclosure lets everyone learn from mistakes, as well as forces the
vendors to actually fix their damn bugs instead of leaving software you depend
on vulnerable until they get around to patching it.

~~~
req2
How is full disclosure better than patching open source or contacting vendors
and providing them with a discreet update?

~~~
bcl
You should submit patches and contact the vendors. But history has shown that
many vendors will, in general, ignore you until a demonstrated exploit is
available. They still believe that security by obscurity is a valid way to
protect their customers.

I should say that I am not a fan of 0-day exploit releases. You should at
least try to convince the vendor to do the right thing. But failing that, a
full disclosure release is the only way to force them to act.

And by full disclosure I do mean a detailed description of the problem, with
code demonstrating the exploit.

------
hachiya
The email sent here is informative.
<http://seclists.org/fulldisclosure/2009/Jul/0095.html>

It's informative because it pretends to imply a little information about how
imageshack.us was compromised:

    > anti-sec:~/pwn# perl img-scan.pl
    > Found img1.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
    >
    > [snip]
    >
    > Found img998.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
    > anti-sec:~/pwn# perl mass-pwn.pl

This would lead one to believe that imageshack was scanned, a system with
lighttpd and SSH was found, and it was immediately compromised due to at least
one of those two services.

Similar to the copy and paste from the OpenSSH 0-day rumor.

This is information voluntarily provided by the perpetrator, apparently. Since
this person is interested in "anti-security" and keeping exploit knowledge
secret, why would he let on any information about the compromise, including
which service was involved in his gain of unauthorized access?

Why go to the effort to make out that lighttpd or SSH were involved, when
disclosing this goes against his proclaimed agenda?

Because it likely has nothing to do with the compromise, and these guys enjoy
starting rumors and watching the effects spread across the internet?

Hmmm, could be?
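
The `img-scan.pl` line in the quoted e-mail is ordinary service banner grabbing: connect to port 80 and read the `Server` header, connect to port 22 and read the SSH identification string the server sends first. The example below is added here and is not the e-mail's script or anything from the thread; it implements that scan with the network replaced by a pluggable connector so it runs offline. The host names are taken from the snippet, the replies and the `img500` host with port 22 closed are constructed, and `fake_connect` is a stand-in for `socket.create_connection`, which you would pass instead to scan hosts you are authorized to test.

```python
"""Banner scan of the kind the quoted e-mail implies (added example, not the
e-mail's img-scan.pl).  Replies below are constructed, not captured traffic;
nothing touches the network unless a real connector is passed in."""
import re
from typing import Callable, List, Optional, Tuple

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
SSH_ID_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def parse_ssh_banner(line: str) -> Optional[dict]:
    """Split an SSH identification string into its RFC 4253 fields.

    A protoversion of "1.99" means the server speaks both SSH 1 and SSH 2
    (RFC 4253 section 5.1), so "SSH-1.99-OpenSSH_4.5" still accepts SSH 1.
    """
    m = SSH_ID_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    proto, software, comment = m.groups()
    return {
        "protoversion": proto,
        "softwareversion": software,
        "comment": comment,
        "accepts_ssh1": proto.startswith("1."),
    }


def parse_http_server_header(response: bytes) -> Optional[str]:
    """Return the Server header value from a raw HTTP response, if any."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    for hdr in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = hdr.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


# A connector has the call shape of socket.create_connection: (host, port), timeout.
Connector = Callable[[Tuple[str, int], float], object]


def grab_banner(host: str, port: int, connect: Connector,
                probe: bytes = b"", timeout: float = 3.0) -> Optional[bytes]:
    """Open a TCP connection, optionally send a probe, return the first bytes."""
    try:
        with connect((host, port), timeout) as sock:
            if probe:
                sock.sendall(probe)
            return sock.recv(1024)
    except OSError:                               # refused, timed out, unreachable
        return None


def scan_host(host: str, connect: Connector):
    """Fingerprint one host: HTTP Server header on 80, SSH banner on 22."""
    probe = b"HEAD / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n"
    http = grab_banner(host, 80, connect, probe=probe)
    server = parse_http_server_header(http) if http else None
    raw = grab_banner(host, 22, connect)        # SSH server speaks first, no probe
    ssh = parse_ssh_banner(raw.decode("ascii", "replace")) if raw else None
    return host, server, ssh


def scan(hosts: List[str], connect: Connector) -> List[str]:
    """One 'Found host - server - ssh' line per host, in the e-mail's layout."""
    lines = []
    for name in hosts:
        host, server, ssh = scan_host(name, connect)
        ssh_str = ("SSH-%s-%s" % (ssh["protoversion"], ssh["softwareversion"])
                   if ssh else "no SSH banner")
        lines.append("Found %s - %s - %s" % (host, server or "no HTTP banner", ssh_str))
    return lines


class _FakeSocket:
    """Stands in for a socket: answers every recv() with one constructed reply."""
    def __init__(self, reply: bytes):
        self._reply = reply
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False
    def sendall(self, data: bytes) -> None:
        pass
    def recv(self, n: int) -> bytes:
        return self._reply[:n]


# Constructed replies (hostnames from the snippet; img500 is hypothetical).
CONSTRUCTED_REPLIES = {
    "img1.imageshack.us": {
        22: b"SSH-1.99-OpenSSH_4.5\r\n",
        80: b"HTTP/1.0 200 OK\r\nServer: lighttpd/1.4.18\r\nContent-Length: 0\r\n\r\n",
    },
    "img998.imageshack.us": {
        22: b"SSH-1.99-OpenSSH_4.5\r\n",
        80: b"HTTP/1.0 200 OK\r\nServer: lighttpd/1.4.18\r\nContent-Length: 0\r\n\r\n",
    },
    "img500.imageshack.us": {                   # port 22 filtered: no SSH entry
        80: b"HTTP/1.0 200 OK\r\nServer: lighttpd/1.4.18\r\n\r\n",
    },
}


def fake_connect(address: Tuple[str, int], timeout: float = 3.0) -> _FakeSocket:
    """Offline connector; unknown host/port behaves like a refused connection."""
    host, port = address
    reply = CONSTRUCTED_REPLIES.get(host, {}).get(port)
    if reply is None:
        raise ConnectionRefusedError("%s:%d (constructed)" % (host, port))
    return _FakeSocket(reply)


if __name__ == "__main__":
    for line in scan(sorted(CONSTRUCTED_REPLIES), fake_connect):
        print(line)
```

What the scan yields is a software version per service and nothing more: it records exposure, not exploitation, which is why the snippet by itself cannot say whether lighttpd or sshd had anything to do with the compromise. The `accepts_ssh1` flag shows the one thing a banner does give away for free, that a `1.99` server still negotiates the SSH 1 protocol.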

------
nihilocrat
Just saw this as well. I was really annoyed someone decided to use a
huuuuuuuge forum avatar until I figured out what was happening.

Very, very clever way of sending a message out. I'm not a security expert, so
I can't judge if full disclosure is bad or good, but I wish they wrote an
argument for an alternative to full disclosure.

------
Keyframe
<http://seclists.org/fulldisclosure/2009/Jul/0095.html>

edit: looks like they have recovered from the hack!

------
fgimenez
Looks like imageshack is down. Here's the image I saved before:
<http://imgur.com/wCaS0.jpg>

~~~
duskwuff
Not down, but some of their servers are swamped. Apparently most of their
images used to be under 400 kB, and suddenly they're serving up a lot more
data than they planned for.

------
blasdel
The anti-sec movement's opposition to the security industry has counterparts
in the spam world -- the asshat at SORBS despises SpamHaus -- because they
_'make money from spam'_.

