[AusNOG] ABC Website Hacked
Tim March
march.tim at gmail.com
Wed Feb 27 14:18:14 EST 2013
Chooo chooo! Here comes the pwnage express...
Not really a huge surprise to the security punters, I guess. Another
complicated site with insufficient security control gets owned. It is
what it is. I incidentally spot gapers in sites all the time and just
don't bother mentioning them any more because the response is normally
so lacklustre...
For example; I noticed a forum skid hitting and posing XSS in a bunch of
.au car manufacturer sites a while back. It was obvious they were
gearing up for a phishing attack against those domains. I notified four
manufacturers, only one took the time to get back to me and none of them
fixed the issue within 6 months.
For the curious among you; there's a a GAPING SQLi in another major
media organisation that you can trivially find with a Google dork. I'll
send a 6-pack of beer to anyone who identifies it by COB =)
I haven't looked at the dump but I won't be surprised if the passwords
are trivially decryptable if they're encrypted at all. 1Password is your
friend.
T.
On 27/02/13 1:41 PM, Pinkerton, Eric wrote:
> You may or may not have heard that a section of the abc.net.au website was compromised and a database leak was today posted online. It's not in the mainstream media yet, but it's all over Twitter originating from some Anonymous-related profiles. Contained within the leak are email addresses and hashed passwords, amongst a number of other less important fields.
>
> ABC are still "confirming" that it occurred, but the extensive number of legitimate email addresses (~50,000) contained within the leak makes it hard to dispute.
>
> http://pastebin.com/J3ceSWMw
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list