xorl %eax, %eax

Archive for the ‘hax’ Category

News: IBM DeveloperWorks got Owned

leave a comment »

I was reading the Full-Disclosure mailing list when I came across this thread. I don’t know how valid this is since I didn’t have the opportunity to see it myself and I only got the following screen capture from the mailing list.



Update:
From the FD mailing list Juha-Matti Laurio posted the following zone-h mirror of the hack:
http://zone-h.org/mirror/id/12878142

Written by xorl

January 9, 2011 at 19:23

Posted in hax, news

News: Owned and Exposed No.2

with 5 comments

Merry Christmas! Today the “Owned and Exposed No.2” was released featuring:
– carders.cc
– inj3ct0r
– ettercap
– exploit-db
– backtrack
– free-hack
And many many lulz… Enjoy!

Update:
I have just been informed via twitter that dumps of the carders.cc, inj3ct0r and free-hack are now publicly available. You can find more information in this URL.

Written by xorl

December 25, 2010 at 19:56

Posted in hax, news

News: phpMyFAQ Project Backdoored

with 3 comments

Heh… This week has more disclosed hacks and discovered backdoors than killed bug. :P

This one was disclosed by VUPEN Security and it’s about this PHP project. The backdoor is installed in releases 2.6.11 and 2.6.12 and it’s placed in getTopTen() function located in inc/Faq.php file. For completeness, here is the official VUPEN’s security advisory for this backdoor, and here is the project’s one.

Unfortunately, the backdoored version of the project was removed from the tubes and that’s why the hacked code isn’t part of this post. :(

If you have the source code of inc/Faq.php downloaded between December 4 and 15 and you want me to publish it here, drop me an email.

Written by xorl

December 16, 2010 at 20:31

Posted in hax, news

News: DevianART Databse Hack

leave a comment »

Another incident that I was informed by this pipes’ tweet is the next one. The well known website’s database containing 13 million email records was hacked. :)

Written by xorl

December 15, 2010 at 03:42

Posted in hax, news

News: McDonald’s Customer Databse Hacked

leave a comment »

Unfortunately, this is not very appropriate for the “news” since it’s quite old by now. For historical purposes I’m publishing this post. On Monday, 13 December 2010 hackers gained access to a McDonald’s database containing data of people whi voluntarily signed up for its websites and promotions. For further details you can read Reuters official report.

Written by xorl

December 15, 2010 at 03:37

Posted in hax, news

News: avast.se got pwned

leave a comment »

I have just been informed by d3v1l‘s twitter message, that avast.se which is the Swedish mirror of the popular Anti-Virus software was defaced. The site still returns the altered index page by the time of this writing but as a reference, here is its zone-h mirror record.
And below is a screen capture I got:



It’s also quite ironic that the broken lock image in the defacement page was obtained by a Gawker‘s server…




Written by xorl

December 14, 2010 at 18:29

Posted in hax, news

News: HP StorageWorks P2000 G3 Modular Smart Array Backdoor

leave a comment »

A few minutes ago I read this email on Bugtraq mailing list which is the following:

Hi,

i just found out that there is a hidden user on every HP MSA2000 G3 
SAN out there:

username: admin
password: !admin

this user doesnt show up in the user manager, and the password 
cannot be changed - looks like the perfect backdoor for everybody.

Ha! So, another popular product is backdoored by default. Not bad… :P

Written by xorl

December 14, 2010 at 15:54

Posted in hax, news

Follow

Get every new post delivered to your Inbox.

Join 63 other followers