.

EH.net as a Target?

<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Jun 20, 2011 12:22 pm

EH.net as a Target?

You can't help but wonder if EH.net will become a target in this new wave of attacks at some point.

Password change? I think so  ;D
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon Jun 20, 2011 1:02 pm

Re: EH.net as a Target?

I wonder too... that spam bot over the weekend maybe? ;)

But I'm not worried about having to change my password. This is the only place I use the password.
OSWP, Sec+
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jun 21, 2011 3:57 pm

Re: EH.net as a Target?

It has already been targeted by the hacktivist groups from time to time. Being a target doesn't mean it's unsafe. It's when there's a compromise of security, that you should change your password.
I'm an InterN0T'er
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jun 21, 2011 4:00 pm

Re: EH.net as a Target?

MaXe wrote:It's when there's a compromise of security, that you should change your password.


That's assuming the compromise is detected :)
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Jun 22, 2011 5:01 am

Re: EH.net as a Target?

tturner wrote:
MaXe wrote:It's when there's a compromise of security, that you should change your password.


That's assuming the compromise is detected :)




True. But if it is not detected, then the attacker most likely has a backdoor, meaning that changing your password is pointless since he or she can just download the database, modify the encryption scheme, or backdoor the login function for that sake, so your password is sent in clear text to the attacker, and in this case HTTPS and HTTP does not matter at all, since the passwords can just be stored in a default looking file on the server. (The last attack has been seen before.)

If the compromise isn't detected, there's no remediation of the risk, caused by an "agent" and a vulnerability in other words.
I'm an InterN0T'er
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jun 22, 2011 6:27 am

Re: EH.net as a Target?

I still change my passwords. It gives me the warm fuzzy. I know it's delusional but I tell myself that most of the time when a site is compromised they harvest the accounts and never re-query the user base with the assumption that the passwords are not changing unless a compromise is announced. That and I never re-use passwords. I could not function without password vaults.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Jun 22, 2011 4:51 pm

Re: EH.net as a Target?

EH-Net has been targeted in the past. Passwords have been compromised and posted online.
<<

muggz1356

User avatar

Newbie
Newbie

Posts: 1

Joined: Fri Aug 14, 2009 12:46 am

Post Sun Aug 21, 2011 2:40 pm

Re: EH.net as a Target?

I would think it has been, Most black hats do not like the idea of white hats. It would give them more of a trill knowing that they have hacked into a white hat's site, leading them to believe they are better.

Return to Ethical Hacktivism

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software