securitynewsportal.com hacked

["Ivan@work" <ivan () incode com au>]

Hi,
At about 1.00pm EST in Australia, www.securitynewsportal.com was hacked by
YIHAT. I have some screen captures if anyone is interested.
cheers Ivan
text to follow:
----snip-----
Hello, world!
SECURITYNEWSPORTAL is temporarily down. We'd like to take this time to talk
to you about some things.
There exists a cancer in the security community right now, and that cancer
exists in individuals and groups who could be classified as scenewhores.
These parties attempt to profit off the security community, without actually
being a part of it.
For instance, SECURITYNEWSPORTAL.COM. This site was
hacked/cracked/rooted/whatever with the ssh1/crc32 exploit. Sure, SNP staff,
call us scriptkids. We won't argue that. But, what does it make you? Your
server has been vulnerable to a bug that has been known of since February.
You've built a popular "security" site (although, the truth is its complete
garbage, but the masses don't realize that, hopefully they will start to
now). Maybe if this weren't a "security" site, they would have an excuse for
this compromise, but lets be realistic -- there is no reason for anything
"security" related to be compromised by an eight-month old bug. And,
especially after all the current discussion about the bug in "security"
forums.
SECURITYNEWSPORTAL.COM makes money off their website. They encourage the
actions of scriptkids. They encourage defacements. Why shouldn't they? They
make money off their actions. SECURITYNEWSPORTAL.COM is more about
insecurity than security; their business prospers. We are looking forward to
hearing them bitch about this incident. Hypocrites.
Why do companies choose to advertise with an organization like
SECURITYNEWSPORTAL.COM? Advertising with them supports them, why do you
support them? Are you aware of what you're supporting? The people who run
SNP are _NOT_ hackers, they do _NOT_ possess any knowledge pertinant to
computer security; why is your money with them? Why don't you donate to
organizations that do _REAL_ security research? Why not invest your money
somewhere better?
The era of security scenewhores is about to end. Well, not all scenewhores,
just the ones who attempt to exploit the security scene for their own
personal profit. SNP staff -- instead of trying to refute the claims against
you, why don't you spend some time learning computer security? That'd be the
intelligent thing to do. You probably want to get your capitalist machine up
and running again though, don't you?
Everyone, please think of what we have said here. To the public, please take
the time and ponder how "security minded" the staff of
SECURITYNEWSPORTAL.COM are. Remember, this site was comprimised by an
eight-month old bug. Sure, they'll bitch and moan about being the victim of
some scriptkid, but what are they really saying? "We're too lame to
understand the security advisories we mirror", or "We don't have the time to
maintain security on this machine; all our time is invested in running this
magnificent website", or even try to claim that it was a different
vulnerability? To all who are advertising here, can you _PLEASE_ at least
consider what you are supporting? You aren't supporting the security
industry, the traffic you recieve back is from a "kiddie" population (anyone
who frequents this site and thinks its worthwhile is either entirely
ignorant of security matters, or a kiddie of some sort). It shouldn't be too
hard to find more profitable and worthwhile ventures.
Incidently, if you're a real hacker, and looking to do some good for the
world, please come to irc.booze.de/#yihat and speak with us. We're always
looking to recruit new talent for our organization.
Sincerely,
Kim Schmitz (aka Kimble)
YIHAT Founder / Chief Hacking Officer
www.kill.net + www.kimble.org
+49 89 523520
<Kimble> to all the flamers, yihat will have thousands of members in a few
month, be carefull! critics are ok, insults NOT!
---snip----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com