[AusNOG] ABC Website Hacked

Tim March march.tim at gmail.com
Thu Feb 28 08:42:56 EST 2013


Although this thread appears to have gone wildly OT...

IMNSHO the ABC situation doesn't really have anything to do with Free 
Speech™ so much as the new brand of Hacktivism™ that's been pervasive 
over the past 3 years or so. They gave a platform to a firebrand 
anti-Islamist and someone got pissed off for one of two reasons;

     1. They perceived that the network was facilitating racism via an 
anti-Islam message.

     2. They perceived that the network was facilitating an anti-Islam 
message. See the 'depictions of the prophet' / 'Muhammed film' sagas for 
more info.

Whether you like and/or agree with it or not, launching electronic 
attacks on companies and orgs. as a form of protest is a thing and will 
continue to happen. In that context neither of the things I describe 
above really fit with my definition of attacks on Free Speech™.

The real question for me here is the same as with any other similar 
breach; what steps, as a basic corporate responsibility exercise, had 
the ABC taken to protect that information?

On the whole it boils down to this;

     1. Web application developers, on the whole, simply don't 
understand security - they're interested in rapidly delivering product.

     2. Project managers, on the whole, simply don't understand security 
- they're interested in the developers rapidly delivering product.

     3. Management, on the whole, simply don't understand security - 
They're interested in the project managers getting the developers to 
rapidly deliver product.

... And so on and on it goes.

</rant>



T.

On 28/02/13 7:50 AM, Christopher Mclean wrote:
> Is it passionate debate or argument. Freedom of speech is only allowed where it is approved. I guess there even has to be guidelines about how free you can have speech. In Australia we can say almost anything on a soap box and the worst that is likely to happen is having rotten fruit, vegetables and the occasional fist thrown at you. Freedom of speech in some places can incite riots, death and general mayhem. Freedom of speech here can incite riots in those more volatile places.
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Kai
> Sent: Wednesday, February 27, 2013 8:30 PM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] ABC Website Hacked
>
> A freedom of speech advocate attacking freedom of speech by hacking the ABC for giving coverage to Geert Wilders' speech because don't like what he has to say.
> Yeah, right "freedom of speech....but only if I agree with it".
>
> Streisand effect here we come?
>
> ----- Original Message -----
> From: "Damian Guppy" <the.damo at gmail.com>
> To: "Aqius" <aqius at lavabit.com>
> Cc: ausnog at lists.ausnog.net
> Sent: Wednesday, 27 February, 2013 5:05:07 PM GMT +08:00 Beijing / Chongqing / Hong Kong / Urumqi
> Subject: Re: [AusNOG] ABC Website Hacked
>
> I personally think this attack is gaining the guy more attention than the original interview on ABC itself, the first I heard of this Dutch guy was from the attack. Seems kind of counter-productive of what the attacker was going after...
>
>
> --Damian
>
>
>
> On Wed, Feb 27, 2013 at 2:09 PM, Aqius < aqius at lavabit.com > wrote:
>
> OT, but hacking the ABC site (essentially attacking freedom of speech via threatening the media through mass abuse of Australian website members) seems a fairly full on approach... And one that is likely to lead to hostility from the victims towards the rather than empathy. Did anyone see the show - I’m curious how full on this guy is?
>
>
>
> From: ausnog-bounces at lists.ausnog.net [mailto: ausnog-bounces at lists.ausnog.net ] On Behalf Of Giles Pollock
> Sent: Wednesday, 27 February 2013 14:43
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] ABC Website Hacked
>
> Looks like SHA1, some of the hashes match SHA1 rainbow tables if you do a quick google search... Hope ABC is locking down and letting people know to change their passwords on other services...
>
>
> On Wed, Feb 27, 2013 at 2:40 PM, Damian Guppy < the.damo at gmail.com > wrote:
>
>
> However if they are using a common unsalted hash like MD5 then it is trivial to use a rainbow table to get the passwords in seconds.
>
> --Damian
>
> On Wed, Feb 27, 2013 at 11:39 AM, Noon Silk < noonslists at gmail.com > wrote:
>
> On Wed, Feb 27, 2013 at 2:18 PM, Tim March < march.tim at gmail.com > wrote:
>> [...]
>
>> I haven't looked at the dump but I won't be surprised if the passwords are
>> trivially decryptable if they're encrypted at all. 1Password is your friend.
> So-as to prevent continued mis-use of language here; hashed passwords
> can't be "decrypted". It is only possible to find another string which
> hashes to the same value.
>
>
>> T.
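
The point raised in the quoted replies about unsalted SHA1/MD5 and precomputed tables, as an added example (not code from any list member or from the ABC; the usernames, passwords and iteration count are constructed assumptions). It shows that an unsalted fast hash gives identical digests for identical passwords, while a per-user salt with PBKDF2 does not:

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware budget
SALT_BYTES = 16

# Constructed sample accounts; two users share a password.
SAMPLE_USERS = {"alice": "password", "bob": "password",
                "carol": "correct horse battery staple"}

def unsalted_sha1(password):
    """Weak scheme from the thread: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' using a random per-user salt."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: reject rather than raise
    return hmac.compare_digest(candidate, expected)

def duplicate_digests(records):
    """Group users by stored value; a group larger than one reveals a shared password."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return {value: users for value, users in groups.items() if len(users) > 1}

if __name__ == "__main__":
    weak = {u: unsalted_sha1(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("unsalted duplicates:", duplicate_digests(weak))
    print("salted duplicates:  ", duplicate_digests(strong))
```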



