No Intelligent Design for Dawkins forum…
Richard Dawkins, the evolutionary biologist and popular science author, famed for his no-holds-barred approach to what he sees as the unsubstantiated claims made by religion, certainly has all the proof he needs to believe in the cybercriminal underground.
Members of the discussion forum over at RichardDawkins.net all received a message, purporting to be from the forum admin, which incongruously invited them to join a warez site.
The apparent hack has been confirmed by the site admins with a message posted on the front page.
No word yet from the web site admins on how much personal data may have been put at risk during this intrusion. If the hackers had access to the forum admin account, they very probably had access to a large amount of user information, including email addresses and hashed passwords (or, even worse, clear-text passwords?). My advice to anyone with an account on that particular forum would be to consider the password you used, and if it is common to any other services, then change it immediately.
At the time of writing the forum remains offline.




Something should be done about the growing number of internet crimes. We should further enforce the internet regulating legislation.
The unsalted passwords stolen then were from people who had not logged in since early 2007. phpBB3 uses salted hashes using the following framework: http://www.openwall.com/phpass/
The Christian Taliban
The hacker has now been thoroughly ID’d, as the idiot left a trail to his registered .com
Is there really any current forum software that fails to salt the hashes?
You don’t remember the phpBB.com hack from February this year? :)
The forum software the Dawkins site was using does not store passwords in clear text.
Thanks Jim, that’s relatively good news for forum members, but remember hashed passwords can also often be cracked using rainbow tables.
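The salting point raised in the comments above, as an added example that is not part of the original post or its comments. It uses PBKDF2 from Python's standard library rather than the phpass framework linked above, and the account names, passwords, word list and iteration count are constructed for illustration. Without a salt, identical passwords store identical digests that a table hashed once in advance can match; with a random per-user salt, neither holds.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ROUNDS = 100_000  # illustrative work factor, an assumption of this example
# Constructed sample data: three accounts, two of which share a password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "tr0ub4dor"}
# Constructed list of common passwords, the input to a precomputed table.
COMMON = ["123456", "password", "sunshine1"]

def hash_password(password, salt=b""):
    """PBKDF2-HMAC-SHA256 digest; an empty salt models an unsalted store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def store(accounts, salted):
    """Return {user: (salt, digest)} as a password table would hold it."""
    table = {}
    for user, password in accounts.items():
        salt = os.urandom(16) if salted else b""
        table[user] = (salt, hash_password(password, salt))
    return table

def verify(table, user, password):
    """Recompute with the user's stored salt; compare in constant time."""
    salt, digest = table[user]
    return hmac.compare_digest(hash_password(password, salt), digest)

def shared_digests(table):
    """Audit check: groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, (_, digest) in table.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def exposed_to_precomputation(table, wordlist):
    """Users whose digest matches a table hashed once, in advance, with no salt."""
    lookup = {hash_password(word) for word in wordlist}
    return sorted(u for u, (_, digest) in table.items() if digest in lookup)

if __name__ == "__main__":
    for label, salted in (("unsalted", False), ("salted", True)):
        t = store(ACCOUNTS, salted)
        print(label, shared_digests(t), exposed_to_precomputation(t, COMMON))
```

Running `shared_digests` over an exported credential table is a quick way to spot a store that is still unsalted: any group it returns means two accounts hold byte-identical digests.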
Actually that first image is not from richarddawkins.net. It’s from my Twitter feed from my Gmail account. You’re quite welcome. :P