[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response

To: Ed Carp <erc@xxxxxxxxx>
Subject: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Sat, 7 Jan 2012 14:10:36 -0500

http://bolt.thexfil.es/84e9h!t was an interesting link - it
demonstrated the pwnage.

It looks like these folks gained access via PHP. Stratfor was using a
Linux based system system, but PHP was version 1.8
from 2009 (perhaps with some back patches). Current version of PHP is
5.3.8 (http://www.php.net/).

Two lessons: (1) keep your boxes patched, and (2) don't store secrets
in the plain text, or use [unsalted] MD5 to digest secrets.

Fuck me running - that's been known for years.... I think Stratfor
broke all the major tenets of data security. The company deserves
everything they get in this instance.

And I like the RickRoll - it was a nice touch which really
demonstrated a level of caring not often seen.

Jeff

On Sat, Jan 7, 2012 at 9:51 AM, Ed Carp <erc@xxxxxxxxx> wrote:
> ROFL!!!
>
> ---------- Forwarded message ----------
> From:  <george.friedman@xxxxxxxxxxxx>
> Date: Sat, Jan 7, 2012 at 2:33 AM
> Subject: Rate Stratfor's Incident Response
> To: erc@xxxxxxxxx
>
>
> For the video announcement, please see
> http://www.youtube.com/watch?v=oHg5SJYRHA0
> Read full press release: http://bolt.thexfil.es/84e9h!t
> Rate Stratfor's incident response:
> http://img855.imageshack.us/img855/9055/butthurtreportform.jpg
>
> Hello loyal Stratfor clients,
>
> We are still working to get our website secure and back up and running
> again as soon as possible.
>
> To show our appreciation for your continued support, we will be making
> available all of our premium content *as a free service* from now on.
>
> We would like to hear from our loyal client base as to our handling of
> the recent intrusion by those deranged, sexually deviant criminal
> hacker terrorist masterminds. Please fill out the following form and
> return it to me
>
> My mobile: 512-658-3152
> My home phone: 512-894-0125

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Ferenc Kovacs

References:
- [Full-disclosure] Fwd: Rate Stratfor's Incident Response
  - From: Ed Carp

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2382-1] ecryptfs-utils security update
Next by Date: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Previous by thread: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Next by thread: Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response
Index(es):
- Date
- Thread