Re: Rank My Hack

[Kevin Halgren <kevin.halgren () WASHBURN EDU>]

I'm not sure, I didn't want to post one of our sites as hacked, 
obviously.  I believe hacked sites are listed at the domain or subdomain 
level, e.g. colorado.edu, search.psu.edu, etc.

Do you provide students space to create their own websites in your 
domain?  They could "hack" your site just by modifying their own web 
page in that case.

Their site is back up, content of the bounty page is below (don't know 
if it will render properly by the time it gets through the listserv and 
other mail clients).  Additionally, I note there are only 25 "active" 
users with hacking points and the only bounties are from the site creater.

Kevin



 [RANKING_POINT_BOUNTIES]

        

        

[Site]

        

[Bounty_Points]

        

[Reason]

        

[Submitted_By]

        

        

bnp.org.uk

        

100000

        

Racist/Anti Islamic UK political party lead by Nick Griffin.

        

s0lar

        

        

nickgriffinmep.eu

        

100000

        

Nick Griffin's personal website (BNP Leader, all round racist bastard)

        

s0lar

        

        

englishdefenceleague.org

        

100000

        

Group of UK racist bastards, they would be politically minded if they 
weren't such thick skulled idiots. Neo Nazi splinter cell in there 
somewhere no doubt.

        

s0lar

        

        

kkk.com

        

100000

        

Official Ku Klux Klan site.

        

s0lar

        

        

kukluxklan.bz

        

100000

        

Lesser known Ku Klux Klan website.

        

s0lar

        

        

Any .gov websites

        

7500

        

.gov / .mil / .edu sites are often harder to break into because they 
have higher security budgets.

        

s0lar

        

        

Any .edu websites

        

7500

        

.gov / .mil / .edu sites are often harder to break into because they 
have higher security budgets.

        

s0lar

        

        

Any .mil websites

        

7500

        

.gov / .mil / .edu sites are often harder to break into because they 
have higher security budgets.

        

s0lar

        




On 9/1/2011 9:22 AM, Gregory N Pendergast/AC/VCU wrote:
> Kevin,
>
> Are there any more details provided about the posted "hack" once 
> you've created an account?  For example, www.vcu.eduis listed, but 
> does that mean they claim to have compromised "www.vcu.edu," or could 
> they be referring to hxxp://SomeDeptServer.vcu.edu/SomeObscureApp ?
>
> Thanks,
> Greg
>
> -----
> Gregory Pendergast
> Information Security Analyst
> Virginia Commonwealth University
>
>
>
>
> From: Kevin Halgren <kevin.halgren () WASHBURN EDU>
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Date: 09/01/2011 10:12 AM
> Subject: Re: [SECURITY] Rank My Hack
> Sent by: The EDUCAUSE Security Constituent Group Listserv 
> <SECURITY () LISTSERV EDUCAUSE EDU>
> ------------------------------------------------------------------------
>
>
>
> FYI, my e-mail client must have added the slashes (" / ") that are
> displayed in the website code variables, they are not in the original
> code from the site.  Probably due to my attempt to use italics for the
> variables.  In any case, keep those out of any syntax searches.
>
> Kevin
>
> On 9/1/2011 9:04 AM, Joel Rosenblatt wrote:
> > Hi Kevin,
> >
> > Thanks, this helps a lot :-) - Now I can use Google to find them
> >
> > Regards,
> > Joel
> >
> > --On Thursday, September 01, 2011 8:53 AM -0500 Kevin Halgren
> > <kevin.halgren () washburn edu> wrote:
> >
> >> I signed up with an alias just to figure out this information.  Their
> >> tool looks for a unique code the "hacker" inserts into the HTML of a
> >> web page.  The
> >> code is in the following format:
> >>
> >> <!--hacked by /username/ :: /codenumber/-->
> >>
> >> codenumber in my case was a 9 digit decimal number.
> >>
> >> They scanned for that code (I didn't put the code in a web page, but
> >> I had them scan for it on a test server) from IP address 217.23.15.103
> >> (samoa.underhost.com).  That address is one off from their website,
> >> 217.23.15.104 for what it's worth.
> >>
> >> A signed in user gets access to a chat room that I didn't hang around
> >> in and to their bounties list.  There were only a handful of entries
> >> there, nothing
> >> that really concerned me, just things like kukluxklan.com and
> >> www.bnp.org.uk.  Unfortunately(?) the site is not responding at the
> >> moment so I can't get
> >> access to the full list.
> >>
> >> Pretty lame overall, but I hope this helps someone.
> >>
> >> Kevin
> >>
> >> On 8/31/2011 1:04 PM, Joel Rosenblatt wrote:
> >>> So, if you register (I didn't :-), do you get more information on the
> >>> hack then the name of the school?
> >>>
> >>> site:columbia.edu
> >>> About 1,830,000 results (0.13 seconds)
> >>>
> >>> Where do I look first? Without more information, this is useless
> >>>
> >>> Joel
> >>>
> >>> --On Wednesday, August 31, 2011 1:24 PM -0400 Nick Giacobe
> >>> <nxg13 () PSU EDU> wrote:
> >>>
> >>>> You all might want to check out the new site RankMyHack to see if
> >>>> your sites
> >>>> have been compromised and listed on the leaderboard.
> >>>>
> >>>>
> >>>>
> >>>> 68 edu sites are listed in the current list of hacks at
> >>>> http://www.rankmyhack.com/hacks.php
> >>>>
> >>>>
> >>>>
> >>>> Here is some very recent press about the RankMyHack Site:
> >>>>
> >>>>
> >>>>
> >>>> 
> http://www.washingtonpost.com/blogs/innovations/post/its-official-hacking-ha
> >>>>
> >>>>
> >>>> s-been-gamified/2011/08/30/gIQALidWrJ_blog.html
> >>>>
> >>>> 
> http://gizmodo.com/5836145/rankmyhack-gives-you-achievement-points-for-your-
> >>>>
> >>>>
> >>>> ballsiest-cyber-attacks
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ---
> >>>>
> >>>> Nick Giacobe
> >>>>
> >>>> Research Technologist V and Ph.D Candidate
> >>>>
> >>>> College of Information Sciences and Technology
> >>>>
> >>>> Penn State University
> >>>>
> >>>> 101 Information Sciences and Technology Building
> >>>>
> >>>> University Park, PA 16802
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>> Joel Rosenblatt, Manager Network & Computer Security
> >>> Columbia Information Security Office (CISO)
> >>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> >>> http://www.columbia.edu/~joel <http://www.columbia.edu/%7Ejoel>
> >>> Public PGP key
> >>> 
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3>
> >>>
> >>
> >> --
> >> Kevin Halgren
> >> Assistant Director - Systems and Network Services
> >> Washburn University
> >> (785) 670-2341
> >> kevin.halgren () washburn edu
> >>
> >
> >
> >
> > Joel Rosenblatt, Manager Network & Computer Security
> > Columbia Information Security Office (CISO)
> > Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> > http://www.columbia.edu/~joel <http://www.columbia.edu/%7Ejoel>
> > Public PGP key
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3>
> >
>
> --
> Kevin Halgren
> Assistant Director - Systems and Network Services
> Washburn University
> (785) 670-2341
> kevin.halgren () washburn edu

--
Kevin Halgren
Assistant Director - Systems and Network Services
Washburn University
(785) 670-2341
kevin.halgren () washburn edu