Friday, November 09, 2007

First Forensic Forum defaced

The "First Forensic Forum" an open forum for digital forensic practitioners and security professionals has been defaced. Good thing they have no shortage of forensics and security professionals to evaluate the situation and track down the vulnerabilities that were exploited :-).

"S4udi-S3curity-T3rror" wrote: "The F3 For Security Hacked. What's Happened In The world. Thay Are No Security Or What"

It goes to show you this sort of thing can happen even to the best in the field (security professionals).

They were using Zeus webserver at the time.

Which, oddly enough, seems to have a pretty clean security track record. So it might have been human error (permissions and that sort of thing) or badly written applications. Some of the errors on the website seem to indicate a badly written PHP application.

Warning: main() [function.include]: Failed opening '/content/StartupHostPlus/f/3/' for inclusion (include_path='.:/usr/local/lib/php') in /content/StartupHostPlus/f/3/ on line 104

And again, he has been keeping himself pretty busy lately:

Results 1 - 10 of about 13 for "S4udi-S3curity-T3rror was here"

S4udi-S3curity-T3rror. Was Here. ====================================================== !!!!! The Global Trust Security Hacked. :\ What Happen In The world ...

S4udi-s3curity-T3rror was here
This Site Was Hacked. By. S4udi-S3curity-T3rror | NorTh Hacker. Don't Scare Just Rename The Index :). =========================================== ...

S4udi-s3curity-T3rror was here
HACKED. Big Error By. S4udi-S3curity-T3rror. --------------------------------------------------. TrusT_Me If You Know The Trust. S4curity@HotMail.Com ...

You get the picture. From "" or "" he seems to change the index.