Archives for July 2009

Multiple top-security sites hacked (zf05)

If you follow the full disclosure mailing list, you are probably aware that the sites of many top security professionals were hacked (including those of Kevin Mitnick, Robert Lemos from Security Focus, Dan Kaminsky, and others).

I know how easy it is to forget your own security and not practice what you preach. But these hacks are a big eye-opener for everyone in the industry to take their own security seriously.

This is a mirror of the document. A MUST READ for all security professionals.

Matasano has just been hacked. They run one of the top security web sites and have an amazing group of professionals.

This is the screenshot:

I don’t know what happened, but it probably wasn’t a 0-day as people are saying. If anti-sec really had a 0-day they would have hacked a lot more web sites… My guess: it was either a weak password belonging to one of their web designers or a web application bug. Let’s hope to hear from them soon on what happened.

Careful with Those Shortened Links

Awesome article by Dailyblogtips about the security of shortened links. They even mention Sucuri:

If you want to be safe, therefore, only click on shortened links if you trust who created them. If you must or want to click on a link but don’t know if it is legitimate, use a URL unshortening tool. There is one over at that will reveal the real URL behind the link and make checks with Google and with SiteAdvisor to make sure the website is safe to be visited.

Sonia Gandhi site hacked

It is not the first time her site got hacked, but we would imagine that they would be taking their security a bit more seriously by now.

Not only hers, but the site of Manmohan Singh (Indian Prime Minister) got hacked too.

And everyone on Twitter is talking about it.

Australian Air Force site hacked

And it is still defaced (for more than a couple of hours).

Snapshot: Updated

Another set of updates from First, we improved the email alerts to make them clearer and removed some false positives from the snapshot comparisons.

We were offline for a few hours on Sunday, but everything is back in order now. Let us know if you run into any issues.

Network Integrity Monitoring Article on DailyBlogTips

Integrity monitoring is a very common practice in server security. It is generally done on the file system: a cryptographic checksum of every file is recorded, and if any file changes you get an alert. Useful, no? This is called FIM (file integrity monitoring).

What we don’t see often is this kind of integrity checking applied to your Internet assets. What if someone modifies your site in the middle of the night? Or changes the registration information of your domain? When would you find out?
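The same checksum-and-compare idea extends from files to any Internet asset that can be fetched as bytes. The following is an added example written for this post, not Sucuri’s own code: it fingerprints a set of assets (page content, a DNS answer, a whois record), compares a current snapshot against a baseline, and drops known-volatile lines such as “generated at” timestamps before hashing so routine churn does not trigger false positives. The asset names and contents are constructed samples, not real sites or records.

```python
import hashlib
import re
from typing import Dict, List

# Lines matching these patterns change on every fetch (timestamps, counters);
# they are dropped before hashing so routine churn does not raise an alert.
VOLATILE = re.compile(rb"(?i)(last[- ]updated|generated at|hit counter)")


def normalize(content: bytes) -> bytes:
    """Strip volatile lines and trailing whitespace before fingerprinting."""
    kept = [ln.rstrip() for ln in content.splitlines() if not VOLATILE.search(ln)]
    return b"\n".join(kept)


def fingerprint(content: bytes) -> str:
    """SHA-256 over the normalized content: the checksum the monitor stores."""
    return hashlib.sha256(normalize(content)).hexdigest()


def take_snapshot(assets: Dict[str, bytes]) -> Dict[str, str]:
    """Map each monitored asset (file, page, DNS answer, whois text) to its checksum."""
    return {name: fingerprint(data) for name, data in assets.items()}


def compare_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report which assets appeared, disappeared or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in baseline.keys() & current.keys() if baseline[n] != current[n]),
    }


# Constructed sample assets for the demo (hypothetical domain, RFC 5737 test addresses).
BASELINE_ASSETS = {
    "web:index.html": b"<html><body>Welcome</body></html>\n<!-- generated at 2009-07-01 -->",
    "dns:example.com:A": b"192.0.2.10",
    "whois:example.com": b"Registrar: Example Registrar\nName Server: ns1.example.com",
}
CURRENT_ASSETS = {
    "web:index.html": b"<html><body>Welcome</body></html>\n<!-- generated at 2009-07-31 -->",
    "dns:example.com:A": b"198.51.100.7",  # A record now points somewhere else
    "whois:example.com": b"Registrar: Example Registrar\nName Server: ns1.example.com",
    "web:new-page.html": b"<html><body>unexpected</body></html>",  # page that was not there before
}


def run_check() -> Dict[str, List[str]]:
    """Compare the current snapshot with the baseline and return the differences."""
    return compare_snapshots(take_snapshot(BASELINE_ASSETS), take_snapshot(CURRENT_ASSETS))


if __name__ == "__main__":
    for kind, names in run_check().items():
        print(f"{kind}: {names}")
```

In the sample run, only the DNS record shows as modified and the new page as added; the index page is unchanged because its timestamp comment is ignored.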

Great article about Sucuri’s network integrity monitoring on the well-known site Daily Blog Tips.


SSH 0-day exploit rumors

People are going crazy with the SSH 0-day exploit rumors. Some are even considering switching back to telnet because of it.

Finally, an official voice from Damien Miller of the SSH development team suggests that it is just FUD and probably not real. Quoting him:

In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks.

So, I’m not persuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts.

Initial rumors from ISC:

Sucuri Quote from Lenny Zeltser

Quote from Lenny Zeltser (from SANS) on Twitter about Sucuri:

Free service by @sucuri_security detects changes to website content, DNS, whois records: Quite handy.

Glad to see it is being useful!

Sucuri Quote on the Security Basics list

Quote about Sucuri from Manuel Aróstegui on the security-basics mailing list:

This is the first tool I have seen just focused on the Internet domains monitoring. The interface is simple and easy to manage. Well done!