A TREND MICRO BLOG

No Intelligent Design for Dawkins forum…


Richard Dawkins, the evolutionary biologist and popular science author, famed for his no-holds-barred approach to what he sees as the unsubstantiated claims made by religion, certainly has all the proof he needs to believe in the cybercriminal underground.

Members of the discussion forum over at RichardDawkins.net all received a message, purporting to be from the forum admin, which incongruously invited them to join a warez site.

Image from www.twitter.com/fadviral

The apparent hack has been confirmed by the site admins with a message posted on the front page.

Image from RichardDawkins.net

There is no word yet from the web site admins on how much personal data may have been put at risk during this intrusion. If the hackers had access to the forum admin account, they very probably had access to a large amount of user information, including hashed passwords (or, even worse, clear-text passwords?) and email addresses. My advice to anyone with an account on that particular forum would be to consider the password you used and, if it is common to any other services, to change it immediately.

At the time of writing the forum remains offline.

This entry was posted on Monday, 17. August 2009 and is filed under "Hacking, Opinion, Site Compromise, data leakage, spam".

12 Comments

  1. Actually that first image is not from richarddawkins.net. It’s from my Twitter feed from my Gmail account. You’re quite welcome. :P

  2. [...] Richard Dawkins forum compromised » CounterMeasures. [...]

  3. The forum software the Dawkins site was using does not store passwords in clear text.

  4. Thanks Jim, that’s relatively good news for forum members, but remember hashed passwords can also often be cracked using rainbow tables.

  5. “but remember hashed passwords can also often be cracked using rainbow tables.”

    Is there really any current forum software that fails to salt the hashes?

  6. [...] Information is available here [...]

  7. You don’t remember the phpBB.com hack from February this year? :)

  8. The hacker has now been thoroughly ID’d, as the idiot left a trail to his registered .com

  9. The Christian Taliban

  10. [...] Filed under: evolution — David @ 1:43 pm Tags: evolution Why was Dawkins’ site chosen? Natural Selection. No Intelligent Design for Dawkins [...]

  11. “You don’t remember the phpBB.com hack from February this year? :)”

    The unsalted passwords stolen then were from people who had not logged in since early 2007. phpBB3 uses salted hashes using the following framework: http://www.openwall.com/phpass/

  12. [...] all seriousness, this attack is highly reminiscent of the recent hack of the Richard Dawkins forum and is very much a trend I expect to see increasing over the coming months and years. Gaining [...]

© Copyright 2010 Trend Micro Inc. All rights reserved.