[ISN] [defaced-commentary] SecurityNewsPortal.com currently defaced

From: InfoSec News (isnat_private)
Date: Wed Oct 24 2001 - 00:17:26 PDT

    ---------- Forwarded message ----------
    Date: Tue, 23 Oct 2001 21:01:56 -0600 (MDT)
    From: security curmudgeon <jerichoat_private>
    To: defaced-commentaryat_private
    Subject: [defaced-commentary] SecurityNewsPortal.com currently defaced

    [As this is posted, www.securitynewsportal.com is currently
    defaced. The text of the defacement is below. Despite being
    signed by Kim Schmitz, I doubt he has the skill or ambition
    for such a defacement. - jericho]

    -- defacement text --

    Hello, world!

    SECURITYNEWSPORTAL is temporarily down. We'd like to take this time to
    talk to you about some things.

    There exists a cancer in the security community right now, and that cancer
    exists in individuals and groups who could be classified as scenewhores.
    These parties attempt to profit off the security community, without
    actually being a part of it.

    For instance, SECURITYNEWSPORTAL.COM. This site was
    hacked/cracked/rooted/whatever with the ssh1/crc32 exploit. Sure, SNP
    staff, call us scriptkids. We won't argue that. But, what does it make
    you? Your server has been vulnerable to a bug that has been known of since
    February. You've built a popular "security" site (although, the truth is
    it's complete garbage, but the masses don't realize that, hopefully they
    will start to now). Maybe if this weren't a "security" site, they would
    have an excuse for this compromise, but let's be realistic -- there is no
    reason for anything "security" related to be compromised by an eight-month
    old bug. And, especially after all the current discussion about the bug in
    "security" forums.

    SECURITYNEWSPORTAL.COM makes money off their website. They encourage the
    actions of scriptkids. They encourage defacements. Why shouldn't they?
    They make money off their actions. SECURITYNEWSPORTAL.COM is more about
    insecurity than security; their business prospers. We are looking forward
    to hearing them bitch about this incident. Hypocrites.

    Why do companies choose to advertise with an organization like
    SECURITYNEWSPORTAL.COM? Advertising with them supports them, why do you
    support them?  Are you aware of what you're supporting? The people who run
    SNP are _NOT_ hackers, they do _NOT_ possess any knowledge pertinent to
    computer security; why is your money with them? Why don't you donate to
    organizations that do _REAL_ security research? Why not invest your money
    somewhere better?

    The era of security scenewhores is about to end. Well, not all
    scenewhores, just the ones who attempt to exploit the security scene for
    their own personal profit. SNP staff -- instead of trying to refute the
    claims against you, why don't you spend some time learning computer
    security? That'd be the intelligent thing to do. You probably want to get
    your capitalist machine up and running again though, don't you?

    Everyone, please think of what we have said here. To the public, please
    take the time and ponder how "security minded" the staff of
    SECURITYNEWSPORTAL.COM are. Remember, this site was compromised by an
    eight-month old bug. Sure, they'll bitch and moan about being the victim
    of some scriptkid, but what are they really saying? "We're too lame to
    understand the security advisories we mirror", or "We don't have the time
    to maintain security on this machine; all our time is invested in running
    this magnificent website", or even try to claim that it was a different
    vulnerability? To all who are advertising here, can you _PLEASE_ at least
    consider what you are supporting? You aren't supporting the security
    industry, the traffic you receive back is from a "kiddie"  population
    (anyone who frequents this site and thinks it's worthwhile is either
    entirely ignorant of security matters, or a kiddie of some sort). It
    shouldn't be too hard to find more profitable and worthwhile ventures.

    Incidentally, if you're a real hacker, and looking to do some good for the
    world, please come to irc.booze.de/#yihat and speak with us. We're always
    looking to recruit new talent for our organization.

    Kim Schmitz (aka Kimble)
    YIHAT Founder / Chief Hacking Officer
    www.kill.net + www.kimble.org
    +49 89 523520

    <Kimble> to all the flamers, yihat will have thousands of members in a few
    months, be careful! critics are ok, insults NOT!

    The information and commentary is Copyright 2001, by the individual author.
    Permission is granted to quote, reprint or redistribute provided the text is not
    altered, and the author and attrition.org is credited. The opinions expressed
    in this mail are not necessarily the opinion of all Attrition staff members.