Comments on: Re: ImageShack

By: Thomas Holbrook II

Thomas Holbrook II — Wed, 15 Jul 2009 02:40:26 +0000

I read the argument from the pastebin link, but I still disagree with the argument. Doesn’t this violate the Hands On Imperative?

By: Anti-Sec: Not a True Hacker Group - *NIXEDBLOG 3.0

Anti-Sec: Not a True Hacker Group - *NIXEDBLOG 3.0 — Wed, 15 Jul 2009 02:19:39 +0000

[...] software to allow the source code and the software itself to be shared. Thanks to a comment on Dan Fuhry’s blog, I ran across a more eloquent argument. There is an inevitable problem [...]

By: James

James — Tue, 14 Jul 2009 16:37:44 +0000

You do not seem to understand, or maybe I don’t.. but let me try to show you what I understood..

@b:

You should contact ImageShack it self, just like I did… the 998 servers were compromised.
this is not like a shared hosting env. where if you gain access to main domain you can edit all the subdomains, no. every subdomain on imageshack had its own different server.

@Dan:

No one knows for sure it was an OpenSSH vuln, so don’t be so sure that this is the only thing they have, because even that has not been confirmed.. Astalavista did not run OpenSSH 4.3, they even had there SSH iptabled..

One more thing, I found this:

http://pastebin.com/f6e27894b

It really explains the movement way better than that image, you should give it a read.

By: Snife

Snife — Mon, 13 Jul 2009 20:35:09 +0000

@Dan Fuhry

Bravo! I’m glad to see someone call out the so-called “anti-sec movement” on its ridiculous and hypocritical statements. I would like to see them get stealthrm’ed and shamed, but that’s just the mean guy in me.

By: Douche LaRue

Douche LaRue — Mon, 13 Jul 2009 18:03:55 +0000

This “anti-sec” stuff sounds exactly like the kind of boneheaded teenage manifestos I used to see in high school. I’m sure the hundreds of thousands of people involved in computer security worldwide are trembling in their boots at being “destroyed” by these jokers.

Oh noes! People are exploiting public ignorance for profit! They must be destroyed! Hey, how about you turn your rage on more deserving targets, like the oil companies or multinational food conglomerates? I mean, computer security? Really?

By: Phil

Phil — Mon, 13 Jul 2009 16:15:53 +0000

fwknop ftw.

Great post Dan. I agree with everything, glad I came across this post.

By: secy

secy — Mon, 13 Jul 2009 16:14:29 +0000

like worldStupid++; said, “anti-sec can lick my nuts.”

By: Dan Fuhry

Dan Fuhry — Mon, 13 Jul 2009 06:21:25 +0000

It’s an OpenSSH hole of some sort, and I think they are script-kiddies, in the sense that they wrote their own code but use the same thing everywhere. So seeing as I have SSH firewalled pretty carefully, I don’t really even perceive them as a threat.

By: Eric

Eric — Mon, 13 Jul 2009 06:16:46 +0000

I believe we may be discussing two different things. In any case, how do we know they didn’t use closed source tools? I agree it’s likely they put on their s’kiddy hat to do it, but I haven’t seen any reports of how the hack was done. Does anyone know? Or has Anti-Sec won in this case (in terms of no full-disclosure of their hack)?

By: Dan Fuhry

Dan Fuhry — Mon, 13 Jul 2009 06:03:09 +0000

I’m not in support of their position, I’m just looking at it from their angle. They hate full disclosure and by extension open source, so they are being hypocritical by using the tools they hate, so if they really believed their own philosophy they should be using closed source tools.

Notice that “I think” open source tools are harder to hack with. Opinion. It has nothing to do with my factual presentation above.

I agree with most of the reddit commenters: they just want everything to be easier for them to hack. They want to own the world, and don’t seem to understand that we’re telling them the same thing we told the last group with similar ambitions: Dream on.