imageshack.us взломали?

Вот этот манифест:

«imageshack
Proudly presents...
Anti-sec. We're a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we're all about
Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services.
Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable.
As an added bonus, if publication wasn't enough, these exploits are mirrored and distributed widely across the Internet with a nice little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public.
It's about money. While the world is difficult to change, and money will certainly continue to be very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences.
It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.
How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits... "you are a target and you will be rm'd. Only a matter of time."
This isn't like before. This time everyone and everything is getting owned.
Signed: The Anti-sec Movement
No images were harmed In the making of this... image.»

Элиминировать бы их лет на 5.

Пруфлинк?

4.2, лечись от вирусов :-D

Согласен с предыдущим оратором по всем пунктам, от себя добавлю:
"Слезай с винды."

> Пруфлинк?

http://www.inquisitr.com/28878/imageshack-hacked/

http://mashable.com/2009/07/10/imageshack-hacked/

http://www.teamliquid.net/forum/viewmessage.php?topic_id=97404

> 4.2, лечись от вирусов :-D

Подскажи хороший антивирус под линукс. Желательно бесплатный хотя бы первую неделю.

> Слезай с винды.

Линукс уже давно. Последний раз оффтопик запускал в прошлом году на реальном железе и неделю назад в эмуляторе.

> Anti-sec. We're a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we're all about Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services. Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable. As an added bonus, if publication wasn't enough, these exploits are mirrored and distributed widely across the Internet with a nice little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public. It's about money. While the world is difficult to change, and money will certainly continue to be very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences. It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform. How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits... "you are a target and you will be rm'd. Only a matter of time." This isn't like before. This time everyone and everything is getting owned. Signed: The Anti-sec Movement

молодцы, уважаю.

ОП не врет!

пруфлинк  http://seclists.org/fulldisclosure/2009/Jul/0095.html

Мне интересно, как они это сделали. Если верить curl -I, там стоят PHP/5.2.9 и lighttpd/1.5.0 (которого на офсайте нету).

как следует из письма, все очень просто:

    anti-sec:~/pwn# perl img-scan.pl

    Found img1.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
    [snip]
    Found img998.imageshack.us - lighttpd/1.4.18 - SSH-1.99-OpenSSH_4.5
    
    anti-sec:~/pwn# perl mass-pwn.pl

    Connecting...

    Linux worf.imageshack.us 2.6.15-1.2054_FC5 #1 SMP Tue Mar 14
    15:48:20 EST 2006 x86_64 x86_64 x86_64 GNU/Linux

    Replacing images...

    img1 --> img998

    All images replaced: http://img998.imageshack.us/antisec.jpg

как раз пару дней назад прошла информация о критической уязвимости в < OpenSSH 4.6

> как раз пару дней назад прошла информация о критической уязвимости в < OpenSSH 4.6

Понятно. Спасибо.

>как раз пару дней назад прошла информация о критической уязвимости в < OpenSSH 4.6

??

# eix openssh
[I] net-misc/openssh
     Available versions:  ~5.0_p1-r2 5.1_p1-r2 ~5.1_p1-r3 5.2_p1-r1 ~5.2_p1-r2 {X X509 hpn kerberos ldap libedit pam pkcs11 selinux skey smartcard static tcpd}
     Installed versions:  5.2_p1-r1(05:36:02 03.04.2009)(ldap pam tcpd -X -X509 -hpn -kerberos -libedit -pkcs11 -selinux -skey -smartcard -static)
     Homepage:            http://www.openssh.org/
     Description:         Port of OpenBSD's free SSH release

Что такое OpenSSH < 4.6?

> Что такое OpenSSH < 4.6?

Что-то позапрошлогоднее :) До лета 2007-го :)