Slashdot Mirror


ImageShack Hacked, Security Groups Threatened

revjtanton writes "Last night a group calling themselves 'Anti-Sec' hacked ImageShack, one of the largest image hosting sites on the web, and replaced many of the site's hosted pictures with one of their own, which detailed their manifesto. The group's grievance is against full-disclosure of exploits, an issue that was debated recently after a presentation on an ATM exploit was canceled. Anti-Sec simply wants the practice within security circles to end, and they've promised to cause 'mayhem and destruction' if it doesn't. These people are taking direct aim against a sector of the IT industry that is already armed to fight the ... but they also already know that. It should be interesting to see how this plays out."

7 of 288 comments

  1. related to openssh rumors? by Anonymous Coward · · Score: 2, Interesting

    These are the same people who say they've found an exploit in some versions of openssh. Any connection?

    http://seclists.org/fulldisclosure/2009/Jul/0028.html

    http://news.ycombinator.com/item?id=692036

    http://lwn.net/Articles/340483/

  2. wow what an awesome idea! by trybywrench · · Score: 4, Interesting

    What an effective way to distribute a message, hack one of the world's most popular image hosting sites and replace all the images with your manifesto! Every site with an image linked back to imageshack would be displaying your message. Instant.global.audience. I'm not justifying what they did and I'm all for the feds handing out a beat down, after all, the law is the law but man, what a good idea.

    --
    I came to the datacenter drunk with a fake ID, don't you want to be just like me?

  3. Re:Astalavista by Threni · · Score: 3, Interesting

    Hardly, given that they're anti-disclosure.

  4. Re:Help for the unfamiliar by klui · · Score: 5, Interesting

    It doesn't show the details but their website gives a summary. http://romeo.copyandpaste.info/txt/imageshack-pwned.txt How accurate, who knows.

  5. Re:What is their motivation? by fictionpuss · · Score: 2, Interesting

    If you discover another zero-day root exploit in the Linux kernel on your own, and you have the means to sell it to the highest bidder for a nice pile of cash, then neither you nor the winner have a motivation to pass on that secret to the underground.

    If there are fewer active vulnerabilities floating in the underground - accounting for accidental or the occasional intentional leak - then how is that more chaotic than what we have now?

    I'm curious - I'm not an expert in this stuff by any means.

    Oh wait, this reminds me a little of the Linux-development policy change with regard to no longer enumerating the fixes and vulnerabilities which comprise each release version -- do you similarly believe that policy will lead to more chaos?

  6. Re:What is their motivation? by Bert64 · · Score: 2, Interesting

    What would happen is that the prevalence of unskilled script kiddies would massively decrease, and the background scans taking place constantly would decrease... Because the perceived threats would have abated, people wouldn't bother installing updates or taking any measures to protect themselves. Also without public disclosure and/or active exploitation, software vendors would downplay the seriousness of their vulnerabilities and delay providing patches for them.

    The end result of this is that the smaller number of people who can acquire exploits, and this includes paid criminal gangs, would have a lot more power because they would no longer have to compete against the script kiddies for control of drone systems.

    Incidentally, I am also against the *free* disclosure of vulnerabilities in non-free software... Commercial vendors charge you a lot of money for their software, and can often be hostile or uncommunicative towards people who find bugs in their software... These people finding bugs are effectively doing their jobs for them and get nothing but grief in return, so it's no wonder that so many bug hunters are now working for criminal gangs.
    A lot of these vendors want you to do their beta testing for them for free, and then report the bugs privately to them so they can silently fix them not even giving you credit for the find and often not disclosing any details to the public other than perhaps providing a black box patch.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!

  7. Excellent use of irony by gr8dude · · Score: 2, Interesting

    I think they are pro full-disclosure, and this action is just a pun.

    The message they are trying to get across is: "If you close your eyes, the world doesn't disappear. Here's an example of a hack, just to show you that vulnerabilities will continue to exist even if you don't make them public. Not only that, but there will also be people who will find them and use them, regardless of your will to make them public or not".

    The message is worded well, others noticed it too; I think the author is too intelligent to be so ignorant of the truth.