17 Aug
Article from Rik Ferguson
Filed under: Hacking, Opinion, Site Compromise, data leakage, spam | Tags: celebrity, compromise, data loss, hack, hacked, password, web | 12 Comments
No Intelligent Design for Dawkins forum…
Richard Dawkins, the evolutionary biologist and popular science author, famed for his no-holds-barred approach to what he sees as the unsubstantiated claims made by religion, certainly has all the proof he needs to believe in the cybercriminal underground.
Members of the discussion forum over at RichardDawkins.net all received a message, purporting to be from the forum admin, which incongruously invited them to join a warez site.
The apparent hack has been confirmed by the site admins with a message posted on the front page.
No word yet from the website admins on how much personal data may have been put at risk during this intrusion. If the hackers had access to the forum admin account, they very probably had access to a large amount of user information, including hashed passwords (or, even worse, clear-text passwords?) and email addresses. My advice to anyone with an account on that particular forum would be to consider the password you used and, if it is common to any other services, change it immediately.
At the time of writing the forum remains offline.
Richard Dawkins forum compromised » CounterMeasures « Jared Rimer’s Technology blog and podcast: Tuesday, 18. August 2009 at 2:38 am

[...] Richard Dawkins forum compromised » CounterMeasures. [...]

Jim Dominic: Tuesday, 18. August 2009 at 7:26 am

The forum software the Dawkins site was using does not store passwords in clear text.

Rik Ferguson: Tuesday, 18. August 2009 at 8:47 am

Thanks Jim, that’s relatively good news for forum members, but remember hashed passwords can also often be cracked using rainbow tables.

nobody: Tuesday, 18. August 2009 at 1:21 pm

Is there really any current forum software that fails to salt the hashes?

::: dawkins website gehacked ::: | LucitheR - der Teufel steckt im Detail: Tuesday, 18. August 2009 at 4:40 pm

[...] More information is available here [...]

Rik Ferguson: Tuesday, 18. August 2009 at 9:58 pm

You don’t remember the phpBB.com hack from February this year? :)

eleven: Tuesday, 18. August 2009 at 11:33 pm

The hacker has now been thoroughly ID’d, as the idiot left a trail to his registered .com

Richard Dawkins’ website hacked « Anglican Samizdat: Thursday, 20. August 2009 at 6:44 pm

[...] Filed under: evolution — David @ 1:43 pm Tags: evolution Why was Dawkins’ site chosen? Natural Selection. No Intelligent Design for Dawkins [...]

Chris Smith: Friday, 23. October 2009 at 1:57 am

The unsalted passwords stolen then were from people who had not logged in since early 2007. phpBB3 uses salted hashes using the following framework: http://www.openwall.com/phpass/

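The salting point raised in the comments above, as an added example that is not part of the original post or thread: it compares an unsalted password store with a per-user-salted one against a table of common passwords computed in advance. MD5 as the legacy scheme, PBKDF2 as a stand-in for phpass, and the account names and passwords are all assumptions constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: two of three accounts share one common password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "T7#qv!03xLp"}
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
ROUNDS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Bare MD5, assumed here as the legacy unsalted scheme."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256 with a per-user salt (stand-in, not phpass itself)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt.hex() + "$" + digest.hex()


def shared_hashes(store: dict) -> list:
    """Groups of users whose stored values are identical."""
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def table_hits(store: dict, table: dict) -> dict:
    """Users whose stored value appears in a table computed in advance."""
    return {u: table[s] for u, s in store.items() if s in table}


def compare_schemes() -> dict:
    unsalted = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_hash(p, os.urandom(16)) for u, p in ACCOUNTS.items()}
    # A table is built before the salts are known, so it can only assume one.
    fixed = bytes(16)
    md5_table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    kdf_table = {salted_hash(p, fixed): p for p in COMMON_PASSWORDS}
    return {
        "unsalted_hits": table_hits(unsalted, md5_table),
        "unsalted_shared": shared_hashes(unsalted),
        "salted_hits": table_hits(salted, kdf_table),
        "salted_shared": shared_hashes(salted),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(key, value)
```

Salting removes the precomputed-table shortcut and hides password reuse between accounts, but a weak password can still be guessed one account at a time, which is why changing a reused password remains the right response to a leak of hashes.
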
A Whole New Meaning To Phishing | Business Computing World: Monday, 7. December 2009 at 3:13 pm

[...] all seriousness, this attack is highly reminiscent of the recent hack of the Richard Dawkins forum and is very much a trend I expect to see increasing over the coming months and years. Gaining [...]




Monday, 17. August 2009 at 11:34 pm
Actually that first image is not from richarddawkins.net. It’s from my Twitter feed from my Gmail account. You’re quite welcome. :P