November 02, 2011


"One thing about us wiseguys, the hustle never ends."
--Tony Soprano, season 1, episode 5 "College."


In January of this year, we blogged about a hacker site that sold admin access to several military, education and government websites. The hacker Srblche, who has since restyled himself a "security researcher," had posted a catalog of websites vulnerable to SQL injection. After our post was published, Srblche put his site behind a paywall; access to its contents cost about $10:

Srblche1

One hacking group, "d33ds," hacked Srblche's site and posted the result on Pastebin, explaining, "Anyone willing to pay for this service must be as stupid as he is." (For reference, d33ds is the same group that hacked RankMyHack.com.) To prove the hack, d33ds put up a mirror site containing the catalog of vulnerable sites.

The hackers proudly revealed Srblche's administrative username and password:

Srblche2


Decorum prevents us from publishing the full password.

How did the hack occur? It's likely, though not certain, that Srblche's site ran on shared hosting and that another application on the same server was vulnerable. Once an attacker compromises one tenant's application, every file on the server that the web server's service account can read is exposed, including other tenants' application source and configuration files and whatever credentials those files contain. This is how RankMyHack was breached.
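A quick check a site owner on a shared host can run for the failure mode described above. This is an added example, not code from the original post or from either site; the directory layout, file names and the "config.php" credential line are constructed for the demo. It lists application files under a directory that are readable by every local user, which is exactly what a neighbouring tenant's compromised web application gets to read.

```bash
#!/bin/sh
# Added example (not from the original post). Lists application source and
# configuration files that are world-readable, i.e. readable by any other
# local account, including the service account a neighbouring tenant's
# compromised web app runs as. Paths and file names below are hypothetical.

# find_world_readable DIR
#   Print, sorted, every regular file under DIR whose mode grants "others"
#   read permission (-perm -004) and whose name looks like app source/config.
find_world_readable() {
    find "$1" -type f -perm -004 \
        \( -name '*.php' -o -name '*.ini' -o -name '.env' -o -name 'config*' \) \
        2>/dev/null | sort
}

# Constructed demo tree: two tenants side by side on one host.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/tenant_a/public_html" "$demo_root/tenant_b/public_html"

# tenant_a leaves its config world-readable (the exposed case)
printf '<?php $db_pass = "not-a-real-secret";\n' > "$demo_root/tenant_a/public_html/config.php"
chmod 644 "$demo_root/tenant_a/public_html/config.php"

# tenant_b restricts its file to owner and group only
printf '<?php echo "hello";\n' > "$demo_root/tenant_b/public_html/index.php"
chmod 640 "$demo_root/tenant_b/public_html/index.php"

# Only tenant_a's config.php is reported.
find_world_readable "$demo_root"
```

File modes are a necessary check, not a sufficient one: on many shared hosts every tenant's PHP runs as the same service account, so a file with mode 600 owned by that account is still readable from a neighbour's compromised script. Real separation needs a distinct user per tenant (suEXEC or per-site PHP-FPM pools) or a separate host altogether.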

The moral of the story? First, the obvious: there is no honor among thieves. Second, and more importantly, this episode shows that everyone can get hacked: the good, the bad and those using hysterical passphrases.

Posted by Imperva Blogger at 12:00:00 AM