ProFTPD pwned and backdoored

On 29 novemeber the server at ftp.proftpd.org which is hosting the official ProFTPD download packages and source for all other mirrors was compromised and a backdoor has been planted into the source. This seems to be the case only for the 1.3.3c version of ProFTPD.

Original quote from protfpd.org:

ftp.proftpd.org compromised

[01/Dec/2010]The ProFTPD Project team is sorry to announce that the Project’s main FTP server, as well as all of the mirror servers, have carried compromised versions of the ProFTPD 1.3.3c source code, from the November 28 2010 to December 2 2010. All users who run versions of ProFTPD which have been downloaded and compiled in this time window are strongly advised to check their systems for security compromises and install unmodified versions of ProFTPD.

To verify the integrity of your source files, use the PGP signatures which can be found here as well as on the FTP servers.

The source code in CVS was not affected.

Thus if you grabbed 1.3.3c lately and set it up on your system you’d better act upon it. More info on the subject and pointers on what too look for can be find here.

Tagged with:
 

usa.kaspersky.com Pwned

http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/

Kasper In The Sky Antivirus has been pwned at the fullest extent of shame! It’s probably because they have been smoking up up to the skies for too long celebrating somewhat of a popularity on the AV market. A slap doesn’t hurt from time to time…just so too keep them in focus and concentrated. 😈

Tagged with:
 

Street Racer owned online

Getting owned online after street racing by the cop who gave him the ticket:

sr_owned

Tagged with:
 
lamo-mitnick-poulsen

Adrian Lamo, Kevin Mitnick, Kevin Poulsen

In case you have been living on the moon:

Kevin David Mitnick (born August 6, 1963) is a computer security consultant and author, who was incarcerated for more than four years without trial or a bail hearing.

He was a world-famous controversial computer hacker in the late 20th century, who was at the time of his arrest, the most wanted computer criminal in United States history. more…

Ever wanted to see Kevin in action?

See him as he types?

See him as he hacks/cracks?

Then you have clicked to the right place.

Some of the network data gathered(sniffed or logged) for prosecution before Kevin’s apprehension by telco’s and other parties involved in the investigation with the help of Tsutomu Shimomura, has been released to the public a long time ago. Shimomura used a custom version of tcpdump in his sniffing sessions on Mitnick and eventually he made a program to convert the gathered data into an interactive application that matches exactly what Mitnick was seeing and doing during his telnet sessions(it sounds more complicated than it is, a little understanding of the telnet protocol, which dominated the internet back then, and the fact that a tcpdump session on a host between mitnick and he’s other peers contains all the needed information to recreate with precise accuracy exactly what happened,when and how it looked).

They have been hosted at the evidence section on a site called Takedown(like the book by Shimomura&John Markoff and the movie) along with the prank calls made to Shimomura’s voicemail and other related stuff.

If you’re not familiar with Kevin’s story and a little bit of unix/linux i don’t think you will be making much sense out of the transcripts,except for the chatting sessions. Although this looks like a great motivation to start learning/using linux/unix just because you wanted to understand what is the stuff Kevin types while he hacks. 😈

If you want to know more about Kevin’s story just press the magic button or roll your eyes over news/articles on takedown.

For the Mitnick familiar and hackers out there i present Tsutomu’s January 25 Post to Usenet which explains with some level of detail the IP source address spoofing and TCP sequence number prediction attacks that were used by Kevin to pwn Shimomura’s diskless X terminal and from there using a loadable kernel STREAMS module an existent connection to Shimomura’s real box was hijacked thus leading to the pwnage of Tsutomu’s goodies treasurechest.It was interesting the way Tsutomu wanted to make sure the world understands how his box got owned. 😳

You will be needing telnet to view the sessions. For each session you will have to telnet on a different port on the same machine as each transcript is served through a different port.

➡  The site
➡  Telnet transcripts
➡  Voicemail pranks to Shimomura

kevin_mitnick

They always use the ugliest picture possible,so that he looks like a pedofile and everyone is happy.

I am eager to see Kevin haaack, i want to see some stuff right now! Gimme teh box and it’s hole!

Well select one from bellow based on the summary of the transcript, then open a shell and type/paste the corresponding telnet command:

This is the chat session in which Kevin asks his friend jsz at Ben-Gurion University in Israel for tools. He asks over and over again until he gets satisfaction. Since we are seeing what Kevin saw, in the talk session the top half of the window (above the dashed line) is what he was saying; the bottom is what jsz was saying.  —>

telnet kevin-on-demand.takedown.com 4009

Nobody speaks better for Kevin Mitnick than Kevin himself. Here we learn that we are indeed dealing with Mitnick, as well as good many other   things.   Do these sound like nice people to you?Discussion of Tsutomu, Markoff, Dan Farmer, a “picture on the front page of the New York Times.” —>

telnet kevin-on-demand.takedown.com 4010

Kevin breaks into Dan Farmer’s machine(creator of SATAN security scanner), fish.com, and peruses his files and mail looking for information about himself, Tsutomu, security holes, and the FBI. Breaks into Sun, confirming that the “access1” in the talk session that afternoon really did refer to access1.sun.com. Kevin also has a fascination with looking through the command histories of system administrators, presumbaly to see if they are on to him. —>

telnet kevin-on-demand.takedown.com 4013

This is the first session where a possible reference to “Mitnick” was seen. —>

telnet kevin-on-demand.takedown.com 4008

Many more here.

Dude??!? What’s a shell?!?! 🙄

This will do just fine for you:

(have nice wank at the pretty hackish white blinking cursor..white…black…white…black)  😈

Tagged with: