http://blog.wired.com/27bstroke6/2008/06/hacker-hijacks.html
By Ryan Singel
Threat Level
Wired.com
June 02, 2008
Being one of the baddest security researchers on the net can't be an
easy job.
Take H D Moore, the creator of Metasploit Framework -- a widely-used
open-source tool which hackers and developers alike use to find
vulnerabilities in remote servers.
Monday morning, Metasploit.com was temporarily hijacked using an attack
on the local area network of Metasploit's hosting provider. Using what
is technically known as ARP spoofing, the attacker was able to intercept
visitors to Metasploit.com, and instead serve them up a page saying the
site had been "hacked by sunwear ! just for fun. Users were then
redirected to a Chinese forum with an image of the hack.
The Metasploit server itself wasn't compromised, according to Moore, who
fairly quickly fixed the vulnerability by hard-coding the right route
for the packets.
But since some 250 other servers are hosted on the same local area
network at the service provider, they remain at risk, according to
Moore.
One can only hope for their sake that they don't have the reputation of
Moore and aren't worth the time of a bored hacker.
Via SunBelt Software's blog:
http://sunbeltblog.blogspot.com/2008/06/metasploit-hacked.html
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Comments