Educause Security Discussion mailing list archives
Re: Rank My Hack
From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
Date: Thu, 1 Sep 2011 09:51:42 -0500
I'm not sure, I didn't want to post one of our sites as hacked, obviously. I believe hacked sites are listed at the domain or subdomain level, e.g. colorado.edu, search.psu.edu, etc.
Do you provide students space to create their own websites in your domain? They could "hack" your site just by modifying their own web page in that case.
Their site is back up, content of the bounty page is below (don't know if it will render properly by the time it gets through the listserv and other mail clients). Additionally, I note there are only 25 "active" users with hacking points and the only bounties are from the site creator.
Kevin

[RANKING_POINT_BOUNTIES]
[Site] | [Bounty_Points] | [Reason] | [Submitted_By]
bnp.org.uk | 100000 | Racist/Anti Islamic UK political party lead by Nick Griffin. | s0lar
nickgriffinmep.eu | 100000 | Nick Griffin's personal website (BNP Leader, all round racist bastard) | s0lar
englishdefenceleague.org | 100000 | Group of UK racist bastards, they would be politically minded if they weren't such thick skulled idiots. Neo Nazi splinter cell in there somewhere no doubt. | s0lar
kkk.com | 100000 | Official Ku Klux Klan site. | s0lar
kukluxklan.bz | 100000 | Lesser known Ku Klux Klan website. | s0lar
Any .gov websites | 7500 | .gov / .mil / .edu sites are often harder to break into because they have higher security budgets. | s0lar
Any .edu websites | 7500 | .gov / .mil / .edu sites are often harder to break into because they have higher security budgets. | s0lar
Any .mil websites | 7500 | .gov / .mil / .edu sites are often harder to break into because they have higher security budgets. | s0lar

On 9/1/2011 9:22 AM, Gregory N Pendergast/AC/VCU wrote:
Kevin,

Are there any more details provided about the posted "hack" once you've created an account? For example, www.vcu.edu is listed, but does that mean they claim to have compromised "www.vcu.edu," or could they be referring to hxxp://SomeDeptServer.vcu.edu/SomeObscureApp ?

Thanks,
Greg

-----
Gregory Pendergast
Information Security Analyst
Virginia Commonwealth University

From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: 09/01/2011 10:12 AM
Subject: Re: [SECURITY] Rank My Hack
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
------------------------------------------------------------------------

FYI, my e-mail client must have added the slashes (" / ") that are displayed in the website code variables, they are not in the original code from the site. Probably due to my attempt to use italics for the variables. In any case, keep those out of any syntax searches.

Kevin

On 9/1/2011 9:04 AM, Joel Rosenblatt wrote:
> Hi Kevin,
>
> Thanks, this helps a lot :-) - Now I can use Google to find them
>
> Regards,
> Joel
>
> --On Thursday, September 01, 2011 8:53 AM -0500 Kevin Halgren <kevin.halgren () washburn edu> wrote:
>
>> I signed up with an alias just to figure out this information. Their tool looks for a unique code the "hacker" inserts into the HTML of a web page. The code is in the following format:
>>
>> <!--hacked by /username/ :: /codenumber/-->
>>
>> codenumber in my case was a 9 digit decimal number.
>>
>> They scanned for that code (I didn't put the code in a web page, but I had them scan for it on a test server) from IP address 217.23.15.103 (samoa.underhost.com). That address is one off from their website, 217.23.15.104 for what it's worth.
>>
>> A signed in user gets access to a chat room that I didn't hang around in and to their bounties list. There were only a handful of entries there, nothing that really concerned me, just things like kukluxklan.com and www.bnp.org.uk. Unfortunately(?) the site is not responding at the moment so I can't get access to the full list.
>>
>> Pretty lame overall, but I hope this helps someone.
>>
>> Kevin
>>
>> On 8/31/2011 1:04 PM, Joel Rosenblatt wrote:
>>> So, if you register (I didn't :-), do you get more information on the hack than the name of the school?
>>>
>>> site:columbia.edu
>>> About 1,830,000 results (0.13 seconds)
>>>
>>> Where do I look first? Without more information, this is useless
>>>
>>> Joel
>>>
>>> --On Wednesday, August 31, 2011 1:24 PM -0400 Nick Giacobe <nxg13 () PSU EDU> wrote:
>>>
>>>> You all might want to check out the new site RankMyHack to see if your sites have been compromised and listed on the leaderboard.
>>>>
>>>> 68 edu sites are listed in the current list of hacks at http://www.rankmyhack.com/hacks.php
>>>>
>>>> Here is some very recent press about the RankMyHack Site:
>>>>
>>>> http://www.washingtonpost.com/blogs/innovations/post/its-official-hacking-has-been-gamified/2011/08/30/gIQALidWrJ_blog.html
>>>> http://gizmodo.com/5836145/rankmyhack-gives-you-achievement-points-for-your-ballsiest-cyber-attacks
>>>>
>>>> ---
>>>> Nick Giacobe
>>>> Research Technologist V and Ph.D Candidate
>>>> College of Information Sciences and Technology
>>>> Penn State University
>>>> 101 Information Sciences and Technology Building
>>>> University Park, PA 16802
>>>
>>> Joel Rosenblatt, Manager Network & Computer Security
>>> Columbia Information Security Office (CISO)
>>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>>> http://www.columbia.edu/~joel
>>> Public PGP key
>>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
>>
>> --
>> Kevin Halgren
>> Assistant Director - Systems and Network Services
>> Washburn University
>> (785) 670-2341
>> kevin.halgren () washburn edu
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> Public PGP key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

--
Kevin Halgren
Assistant Director - Systems and Network Services
Washburn University
(785) 670-2341
kevin.halgren () washburn edu
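A defender-side sweep for the marker comment and verifier address described in this thread, as an added example that is not part of the original messages. The function names, sample pages and log lines are constructed; the whitespace tolerance and unrestricted digit count in the pattern are assumptions beyond the 9 digit code reported above.

```python
import re

# Marker format reported in the thread: <!--hacked by username :: codenumber-->
# (no slashes). Assumptions: whitespace tolerance, case-insensitivity, any
# digit count (the post reports a 9 digit code for one account).
MARKER_RE = re.compile(
    r"<!--\s*hacked by\s+(?P<user>[^<>]+?)\s*::\s*(?P<code>\d+)\s*-->",
    re.IGNORECASE,
)
# Verifier source address reported in the thread (2011); a lead, not proof.
SCANNER_IP = "217.23.15.103"

# Constructed sample data: page bodies keyed by path, combined-format log lines.
SAMPLE_PAGES = {
    "/index.html": "<html><body>Welcome</body></html>",
    "/dept/app/news.html": "<html><!--hacked by exampleuser :: 123456789--><body>News</body></html>",
    "/about.html": "<!-- hacked by nobody, just a joke -->",
}
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2011:09:00:01 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '217.23.15.103 - - [01/Sep/2011:09:02:44 -0500] "GET /dept/app/news.html HTTP/1.1" 200 734 "-" "-"',
]


def find_markers(pages):
    """Return (path, username, code) for every marker found in {path: html}."""
    hits = []
    for path, html in sorted(pages.items()):
        for m in MARKER_RE.finditer(html):
            hits.append((path, m.group("user"), m.group("code")))
    return hits


def scanner_requests(log_lines, ip=SCANNER_IP):
    """Return request paths fetched by the verifier IP (combined log format)."""
    paths = []
    for line in log_lines:
        fields = line.split()
        # Combined format: client IP is field 0, request path is field 6.
        if len(fields) > 6 and fields[0] == ip:
            paths.append(fields[6])
    return paths


def triage(pages, log_lines):
    """Pair each marker hit with whether the verifier IP requested that path."""
    fetched = set(scanner_requests(log_lines))
    return [(p, u, c, p in fetched) for p, u, c in find_markers(pages)]
```

A marker hit tells you which page was modified and under which account name; a matching verifier request in the logs gives a timestamp to bound when the page was changed.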
Current thread:
- Rank My Hack Nick Giacobe (Aug 31)
- Re: Rank My Hack Joel Rosenblatt (Aug 31)
- Re: Rank My Hack Kevin Halgren (Sep 01)
- Re: Rank My Hack Joel Rosenblatt (Sep 01)
- Re: Rank My Hack Kevin Halgren (Sep 01)
- Re: Rank My Hack Gregory N Pendergast/AC/VCU (Sep 01)
- Re: Rank My Hack Kevin Halgren (Sep 01)
- Re: Rank My Hack Kevin Halgren (Sep 01)
- Re: Rank My Hack Joel Rosenblatt (Aug 31)
- Re: Rank My Hack Webb, Justin (Aug 31)
- Re: Rank My Hack Bob Kalal (Aug 31)