The Ethical Hacker Network - EH.net as a Target?

Latest Additions

Who's Online

cd1zz

Hero Member

Offline

Posts: 561

EH.net as a Target?

« on: June 20, 2011, 12:22:12 PM »

You can't help but wonder if EH.net will become a target in this new wave of attacks at some point.

Password change? I think so Grin


	Logged

OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com

chrisj

Hero Member

Offline

Posts: 1163

Re: EH.net as a Target?

« Reply #1 on: June 20, 2011, 01:02:26 PM »

I wonder too... that spam bot over the weekend maybe? Wink

But I'm not worried about having to change my password. This is the only place I use the password.


	Logged

OSWP, Sec+

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: EH.net as a Target?

« Reply #2 on: June 21, 2011, 03:57:07 PM »

It has already been targeted by the hacktivist groups from time to time. Being a target doesn't mean it's unsafe. It's when there's a compromise of security, that you should change your password.


	Logged

I'm an InterN0T'er

tturner

Sr. Member

Offline

Posts: 432

Re: EH.net as a Target?

« Reply #3 on: June 21, 2011, 04:00:19 PM »

Quote from: MaXe on June 21, 2011, 03:57:07 PM

It's when there's a compromise of security, that you should change your password.

That's assuming the compromise is detected


	Logged

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: EH.net as a Target?

« Reply #4 on: June 22, 2011, 05:01:11 AM »

Quote from: tturner on June 21, 2011, 04:00:19 PM

Quote from: MaXe on June 21, 2011, 03:57:07 PM

It's when there's a compromise of security, that you should change your password.

That's assuming the compromise is detected

True. But if it is not detected, then the attacker most likely has a backdoor, meaning that changing your password is pointless since he or she can just download the database, modify the encryption scheme, or backdoor the login function for that sake, so your password is sent in clear text to the attacker, and in this case HTTPS and HTTP does not matter at all, since the passwords can just be stored in a default looking file on the server. (The last attack has been seen before.)

If the compromise isn't detected, there's no remediation of the risk, caused by an "agent" and a vulnerability in other words.


	Logged

I'm an InterN0T'er

tturner

Sr. Member

Offline

Posts: 432

Re: EH.net as a Target?

« Reply #5 on: June 22, 2011, 06:27:39 AM »

I still change my passwords. It gives me the warm fuzzy. I know it's delusional but I tell myself that most of the time when a site is compromised they harvest the accounts and never re-query the user base with the assumption that the passwords are not changing unless a compromise is announced. That and I never re-use passwords. I could not function without password vaults.


	Logged

BillV

Hero Member

Offline

Posts: 1892

Re: EH.net as a Target?

« Reply #6 on: June 22, 2011, 04:51:31 PM »

EH-Net has been targeted in the past. Passwords have been compromised and posted online.


	Logged

muggz1356

Newbie

Offline

Posts: 1

Re: EH.net as a Target?

« Reply #7 on: August 21, 2011, 02:40:18 PM »

I would think it has been, Most black hats do not like the idea of white hats. It would give them more of a trill knowing that they have hacked into a white hat's site, leading them to believe they are better.