funsec mailing list archives

BSDNews.com is hacked and user information is exposed

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Fri, 25 Apr 2008 21:32:46 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI.

[snip]

Breach Description:
It appears that the BSDNews.com web site may have been compromised through
an exploit of a file named "bottom.php3", which was used by the site.  The
attacker was able to access and download user account information.  As of
the time of this writing, BSDNews.com is offline.

[snip]

More:
http://breachblog.com/2008/04/25/bsdnews.aspx

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIEk34q1pz9mNUZTMRAtiOAKC87i4swNDK6pZz7oqcM86A9QIEugCfQGGc
fP6nWpdmonXHXqGuYL42RGo=
=gzQK
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

BSDNews.com is hacked and user information is exposed Paul Ferguson (Apr 25)
- Re: BSDNews.com is hacked and user information is exposed Jim O'Gorman (Apr 25)
- Re: BSDNews.com is hacked and user information is exposed Jim O'Gorman (Apr 25)
  - Re: BSDNews.com is hacked and user information is exposed Jim O'Gorman (Apr 28)