Full Disclosure mailing list archives

Re: Media Defender pwned big time


From: Simon Smith <simon () snosoft com>
Date: Tue, 18 Sep 2007 11:55:16 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This was originally reported to Daily Dave by bbinger123 () yahoo com.

auto176343 () hushmail com wrote:
After the email leak[1], a phone call was leaked[2], allegedly 
between Ben Grodsky of Media Defender and New York State General 
Attorney.

Here is a teaser transcript:

Ben Grodsky: "Yeah it seems...I mean, from our telephone call 
yesterday it seems that uhm... we all pretty much came to the 
conclusion that probably was ehm... caught in the email 
transmission because the attacker, I guess what you call, the 
Swedish IP, the attacker uhm... knew the login and the IP address 
and port uhm... but they weren't able to get in because we had 
changed the password on our end, you know, following our normal 
security protocols uhm... when we are making secure transactions 
like these on the first login we'll change the password so, 
obviously, well not obviously but, it seems that, most likely 
scenario is that, at some point that email was ehm... intercepted. 
You know just because it is... probably it was going through the 
public Internet and there wasn't any sort of encryption key used to 
ehm... protect the data in that email."

Ben Grodsky: "...if  you guys are comfortable just communicating 
with us by phone, anything that is really really sensitive we can 
just communicate in this fashion..."

Ben Grodsky: "OK [confused, taking notes]. So, you are gonna 
disable password authentication and enable public key?"

Ben Grodsky: "...that part has... has not been compromised in any 
way. I mean, the communications between our offices in Santa Monica 
and our data centers have not been compromised in any way and all 
those communications to NY, to your offices, are secured. The only 
part that was compromised was...was the email communications about 
these things."

Ben Grodsky: "...All we can say for sure Media Defender's mail 
server has not been hacked or compromised..."

[in answer to the question "What kind of IDS you guys are running?"]
Ben Grodsky: "Ehm...I don't know. Let me look into that."


[1] http://torrentfreak.com/mediadefender-emails-leaked-070915/
[2] http://thepiratebay.org/tor/3809004/MediaDefender.Phonecall-MDD

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


- --

- - simon

- ----------------------
http://www.snosoft.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFG7/Tjf3Elv1PhzXgRAtrQAKDMH3IrVmuu+A7vOB2fHDO/gYrfdwCfSDbQ
2b9dYRSE+Q8TqXYcpspgNY4=
=ma9i
-----END PGP SIGNATURE-----


