Quasi rolls out new webpage design at www.sportsbike.co.nz

[Dargor]

It's only a homepage hack. No damage would have been done.

Might be something to do with me abusing some fucking arab spammer

Why would it only be a homepage hack. Im not farmiliar with the sportsbike forum but theres probably a nice database of emails for this spammer to harvest.

And to all who share passwords between the hacked site and anything(email). You should change that password, asap.

[riffer]

"On Wednesday no one was able to hack the computers, so on Thursday the hacking got easier and the prize money was halved."

This is what the youtube video says. You state the mac was insecure, yet they had to drop the security for someone to get in.

Not telling the whole story here figjam.

Interesting point you make there Dargor. I take it VBulletin uses SQL? What's the level of security on a bog-standard VBulletin website? Are we talking multiple relational databases, or one monolithic beast?

[SpankMe]

Homepage hacking is a bit of a sport among script kiddies and hackers. They do it to show off their skills, but not to be malicious. They do nothing else but replace your homepage.

Hackers who's intent is malicious will not want you to know that they have hacked your server so they can go back at any time.

[figjam]

Not telling the whole story here figjam.

What do you think I posted the link to the article for? And remind me again, which was the first to go? How long did the others take and at which levels?

[avgas]

little retard, tapping an index.htm is sad.......like saying haha i fucked you 60 year old mum.
SM is right if a proper hacker did try they would be a bit more stealth than using cuteFTP and a password hax.
At the end of the day he is an internet tagger.
Ummm why hack that website though? seems kinda pointless.

[Dargor]

Homepage hacking is a bit of a sport among script kiddies and hackers. They do it to show off their skills, but not to be malicious. They do nothing else but replace your homepage.

Hackers who's intent is malicious will not want you to know that they have hacked your server so they can go back at any time.

Yea but you can never be sure, unless... it was you?, na just kidding im sure it was Mr Kuwait Hack.

But why not be more malicious and tell everyone. He knows the forum isnt the real target, so he might as well give you the finger and look cool. He's done what he wants with that machine, so give the finger and move on.

[figjam]

Ummm why hack that website though? seems kinda pointless.

Aside from the "because they could..." factor, it was probably automated. F-Secure are claiming up to half a million sites may have been hacked. Other sites include U.N. departments etc.

[riffer]

What do you think I posted the link to the article for? And remind me again, which was the first to go? How long did the others take and at which levels?

Information not available in the video. However, the exploit was traced to a bug in the Safari browser (Webkit - actually OpenSource software). Hardly an operating system (or even Apple) problem.

To their credit, the Apple folk had a patch available within 24 hours.

Plenty of IE bugs cause security issues too. And also Firefox security problems in both Windows, Mac and Linux versions.

I think its disingenuous to claim a browser hack as being indicative of an insecure operating system. I believe you could have hacked any of the other operating systems in a similar way.

The biggest single security problem on any computer still remains open ports, or more appropriately, a lack of understanding of proper security practices. These factors are exclusive of any operating system. Any OS can be as secure or insecure as you make it. Scoring points by attempting to bait the mac fanboys is going to get you nowhere...

Bret - that server's not up yet mate.

[Zoolander]

Sad. No matter how "tough" these hackers try to come across, fact is its probably a weedy little computer dweeb who sits at home every night in his parents house, trying to figure out why he has never seen a real pair of tits and never will.

[Ripperjon]

Hmmm, hope noone sent their credit card details through to Quasimoto recently.

[figjam]

Information not available in the video. However, the exploit was traced to a bug in the Safari browser (Webkit - actually OpenSource software). Hardly an operating system (or even Apple) problem.

Ahhm, sorry? Run that one by me again. Are you saying that Apple did not develop Safari? So it's ok because it uses an Opensource engine at its core? What do you think OS X is? At one stage there was talk that Apple were intending to fully opensouce OS X until they decided there was stuff they didn't want in the public domain.

To their credit, the Apple folk had a patch available within 24 hours.

So they should, they wrote it.

Plenty of IE bugs cause security issues too. And also Firefox security problems in both Windows, Mac and Linux versions.

And yet the Vista machine wasn't hacked until the third day when third party applications were allowed to be introduced and an Adobe Flash exploit was umm... exploited. Note not a browser hack.

I think its disingenuous to claim a browser hack as being indicative of an insecure operating system. I believe you could have hacked any of the other operating systems in a similar way.

And yet neither the Vista nor the Ubuntu machine were compromised via a "browser hack". And that's with some serious talent with some serious knowledge and skills, who wanted the kudos far more than the money or hardware. In fact no one managed to compromise the Ubuntu (linux) laptop at all. Next year the results will probably be completely different.

The biggest single security problem on any computer still remains open ports, or more appropriately, a lack of understanding of proper security practices. These factors are exclusive of any operating system. Any OS can be as secure or insecure as you make it. Scoring points by attempting to bait the mac fanboys is going to get you nowhere...

I'm not disagreeing with you on that... Except for the baiting bit. I reckon the fishing's been pretty good so far. Had some massive bites and didn't even have to use much bait

[riffer]

Ahhm, sorry? Run that one by me again. Are you saying that Apple did not develop Safari? So it's ok because it uses an Opensource engine at its core? What do you think OS X is? At one stage there was talk that Apple were intending to fully opensouce OS X until they decided there was stuff they didn't want in the public domain.

Ahem... since when was NextStep OpenSource? Or are you talking OpenBSD?"

So they should, they wrote it.

Not the part which enabled the exploit. So there's not really much of a difference between a browser hack and a Flash exploit.

And yet the Vista machine wasn't hacked until the third day when third party applications were allowed to be introduced and an Adobe Flash exploit was umm... exploited. Note not a browser hack.
And yet neither the Vista nor the Ubuntu machine were compromised via a "browser hack". And that's with some serious talent with some serious knowledge and skills, who wanted the kudos far more than the money or hardware. In fact no one managed to compromise the Ubuntu (linux) laptop at all. Next year the results will probably be completely different.

What we can take out of this whole thing is that:

1. The ex-NSA bloke who exploited the Webkit vulnerability was a Unix expert.
2. Third-party developers are a big problem security-wise
3. Most OS's are pretty secure anyway.

[Quasievil]

Hmmm, hope noone sent their credit card details through to Quasimoto recently.

Why would that matter, we use DPS , its an external external system

[jrandom]

little retard, tapping an index.htm is sad...

They were making the point that they'd cr4x0r3d Quasi's b0x0r, without actually doing any damage.

It's a 'nyah nyah' to show that the attacker could have completely hosed the system and/or rootkitted it and used it for his own purposes, but didn't.

Just kids arsing about. Annoying, certainly, but nothing to do with real cybercrime, and about as minor as data vandalism gets.

Not sure why the server's still up, though; if it were mine, I'd yank its interweb plugs while patching it up to date and doing a lockdown on whatever extraneous services it's running. In fact, given that it's been compromised, I'd run an immediate backup on the forum database, then just rebuild the machine from scratch (securely, this time) and reinstall the forum software with its current data before going live again.

[skidMark]

They were making the point that they'd cr4x0r3d Quasi's b0x0r, without actually doing any damage.

It's a 'nyah nyah' to show that the attacker could have completely hosed the system and/or rootkitted it and used it for his own purposes, but didn't.

Just kids arsing about. Annoying, certainly, but nothing to do with real cybercrime, and about as minor as data vandalism gets.

Not sure why the server's still up, though; if it were mine, I'd yank its interweb plugs while patching it up to date and doing a lockdown on whatever extraneous services it's running. In fact, given that it's been compromised, I'd run an immediate backup on the forum database, then just rebuild the machine from scratch (securely, this time) and reinstall the forum software with its current data before going live again.

I dunno i suspect quasi might just get cowpoos around and do something like this...

[YOUTUBE]HNLoCun5DGM[/YOUTUBE]