xorl %eax, %eax

Another quick update on the recent hacks and similar news that made it to the public.

vendor-sec Mailing List
Hehe… This is a cute little story that you can read on various sites. For example, check out this CNET article. According to Marcus Meissner (moderator of the list), their private mailing list was being sniffed at least since January 20. Of course, Mr. M. Meissner though it would be polite to let the mailing list members know about his discovery of the compromise by emailing them and then living the backdoored system online. This resulted in getting ultra-pwned by seeing the mailing list getting rm’d (quite expected after his disclosure of the hack). Happily for some people… Tango down! ;P

EMC RSA Hack
Another high profile hack in the security industry. Check out this post of ComputerWorld to get an idea. Unfortunately, the information regarding this issue are limited to the official company’s statements and this makes it quite difficult knowing what really happened/is happening.

Anonymous vs Bank of America
Basically, you can get an overview of this operation either from the countless news websites such as this one or using Bank of America Suck. I can still recall many so-called “security experts” making fun of Anonymous a couple of years ago. Where are they now?

Anonymous on Bradley Manning’s Side
From the Forbes blog we can read this post about Anonymous’ actions regarding the absolutely unfair and inhuman treatment of Bradley Manning.

French Ministry of Finance Ownage
Another recent and very interesting attack. Here are some information from the Sophos NakedSecurity blog.

PHP.NET Compromise
From Full-Disclosure mailing list we have seen this email today. However, there is still no official report from PHP project and the given website states that the codebase was not backdoored, just altered for demonstration purposes. Currently, the project’s official wiki is offline.

I might have missed some public high profile hack(s) but I think I have included the most important. If you think there should be something more here, leave a comment to let me know. :)

Unfortunately, I didn’t have time to blog about all the neat recent hacks that took place. For this reason I’ll publish this post that basically summarizes the most important (in my opinion) hacks.

– Gregory D. Evans / LIGATT Security Ownage
You can find everything you need at the attrition.org‘s website here. You know, this is one of the attacks that most people knew it was coming and it makes perfectly sense to both the security industry and security enthusiasts seeing Gregory D. Evans getting owned like this.

– Nasdaq Hack
I don’t know anything apart from what’s already public regarding this hack. Consequently, I won’t comment anything here. You can find information in all the major news media sites such as Reuters, CNBC, MSN Breaking News, etc.

– rootkit.com ownage
Most people interested in computer security are aware of rootkit.com which is a community interested in everything about rootkits. It was created on 1999 and many members occasionally release techniques and tools mainly regarding rootkit development. Yesterday their hacked MySQL database was released to public through stfu.cc website.

– HBGary Ownage
Another recent attack to a whitehat is this one. This was a payback attack from the Anonymous who also released more than 4.5GB of private data via torrent which you can find here. Their message to HBGary is:

Greetings HBGary (a computer "security" company),

Your recent claims of "infiltrating" Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How's this for attention?

You brought this upon yourself. You've tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. You expected a counter-attack in the form of a verbal braul (as you so eloquently put it in one of your private emails), but now you've received the full fury of Anonymous. We award you no points.

What you seem to have failed to realize is that, just because you have the title and general appearence of a "security" company, you're nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiclous prices for simple things like NMAPs, and you don't deserve praise or even recognition as security experts. And now you turn to Anonymous for fame and attention? You're a pathetic gathering of media-whoring money-grabbing sycophants who want to reel in business for your equally pathetic company.

Let us teach you a lesson you'll never forget: you don't mess with Anonymous. You especially don't mess with Anonymous simply because you want to jump on a trend for public attention, which Aaron Barr admitted to in the following email:

"But its not about them...its about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic so to speak because they are on Al Jazeeera, ABC, CNN, etc. I am going to keep up the debate because I think it is good business but I will be smart about my public responses."

You've clearly overlooked something very obvious here: we are everyone and we are no one. If you swing a sword of malice into Anonymous' innards, we will simply engulf it. You cannot break us, you cannot harm us, even though you have clearly tried...

You think you've gathered full names and home addresses of the "higher-ups" of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False. You believe that you can sell the information you've found to the FBI? False. Now, why is this one false? We've seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you've "extracted" is publicly available via our IRC networks. The personal details of Anonymous "members" you think you've acquired are, quite simply, nonsense.

So why can't you sell this information to the FBI like you intended? Because we're going to give it to them for free. Your gloriously fallacious work can be a wonder for all to scour, as will all of your private emails (more than 44,000 beauties for the public to enjoy). Now as you're probably aware, Anonymous is quite serious when it comes to things like this, and usually we can elaborate gratuitously on our reasoning behind operations, but we will give you a simple explanation, because you seem like primitive people:

You have blindly charged into the Anonymous hive, a hive from which you've tried to steal honey. Did you think the bees would not defend it? Well here we are. You've angered the hive, and now you are being stung.

It would appear that security experts are not expertly secured.

We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us - always.

---

Quick 'n dirty way to read the emails in a human-readable format:
1. Get a client. http://www.mozillamessaging.com/thunderbird/
2. Get a file renaming tool. http://www.bulkrenameutility.co.uk/Download.php (Windows)
3. Rename all the mail files so that they have a .eml extension.
4. Drag & drop them into Thunderbird.
5. Enjoy.		

– EU Carbon Trading Hack
This another of these attacks that I cannot comment since I have zero knowledge beyond what’s already said by the media. So, here are a couple of links for the interested reader… CBS News, The Register, BusinessWeek, etc. This a very interesting subject especially for Greece since it involves data from stolen accounts from Greece among other countries.

I’m fairly sure that there are many more attacks such as the “Egyptian government hacks” one on high profile systems but I’m trying to blog just about the most important (always in my opinion). Feel free to contact me if I missed some cool recent hack. :)