http://blog.wired.com/27bstroke6/2008/06/hacker-hijacks.html By Ryan Singel Threat Level Wired.com June 02, 2008 Being one of the baddest security researchers on the net can't be an easy job. Take H D Moore, the creator of Metasploit Framework -- a widely-used open-source tool which hackers and developers alike use to find vulnerabilities in remote servers. Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider. Using what is technically known as ARP spoofing, the attacker was able to intercept visitors to Metasploit.com, and instead serve them up a page saying the site had been "hacked by sunwear ! just for fun. Users were then redirected to a Chinese forum with an image of the hack. The Metasploit server itself wasn't compromised, according to Moore, who fairly quickly fixed the vulnerability by hard-coding the right route for the packets. But since some 250 other servers are hosted on the same local area network at the service provider, they remain at risk, according to Moore. One can only hope for their sake that they don't have the reputation of Moore and aren't worth the time of a bored hacker. Via SunBelt Software's blog: http://sunbeltblog.blogspot.com/2008/06/metasploit-hacked.html _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jun 03 2008 - 02:23:44 PDT