Full Disclosure mailing list archives
Media Defender pwned big time
From: <auto176343 () hushmail com>
Date: Tue, 18 Sep 2007 03:53:56 +0100
After the email leak[1], a phone call was leaked[2], allegedly between Ben Grodsky of Media Defender and New York State General Attorney. here is a teaser transcript: Ben Grodsky: "Yeah it seems...I mean, from our telephone call yesterday it seems that uhm... we all pretty much came to the conclusion that probably was ehm... caught in the email transmission because the attacker, I guess what you call, the Swedish IP, the attacker uhm... knew the login and the IP address and port uhm... but they weren't able to get in because we had changed the password on our end, you know, following our normal security protocols uhm... when we are making secure transactions like these on the first login we'll change the password so, obviously, well not obviously but, it seems that, most likely scenario is that, at some point that email was ehm... intercepted. You know just because it is,.. probably it was going through the public Internet and there wasn't any sort of encryption key used to ehm... protect the data in that email." Ben Grodsky: "...if you guys are comfortable just communicating with us by phone, anything that is really really sensitive we can just communicate in this fashion..." Ben Grodsky: "OK [confused, taking notes]. So, you are gonna disable password authentication and enable public key?" Ben Grodsky: "...that part has... has not been compromised in any way. I mean, the communications between our offices in Santa Monica and our data centers have not been compromised in any way and all those communications to NY, to your offices, are secured. The only part that was compromised was...was the email communications about these things." Ben Grodsky: "...All we can say for sure Media Defender's mail server has not been hacked or compromised..." [in answer to the question "What kind of IDS you guys are running?"] Ben Grodsky: "Ehm...I don't know. Let me look into that." [1] http://torrentfreak.com/mediadefender-emails-leaked-070915/ [2] http://thepiratebay.org/tor/3809004/MediaDefender.Phonecall-MDD -- Orlando Vacations - Click Here! http://tagline.hushmail.com/fc/Ioyw6h4eQYIUh5GP6TXBJkrbGXtVy6e3wl8YMoCtnDIhNerwr43Wv2/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Media Defender pwned big time auto176343 (Sep 17)
- Re: Media Defender pwned big time Simon Smith (Sep 18)