Savaitgalį grupė Gnosis įsilaužė į Gawker Media serverius ir paviešino Gizmodo, Kotaku, Lifehacker, ir Gawker paskyrų prijungimo duomenis.
So, here we are again with a monster release of ownage and data droppage.
Previous attacks against the target were mocked, so we came along and raised the bar a little.
Fuck you gawker, hows this for "script kids"?
Your empire has been compromised, Your servers, Your database’s, Online accounts and source code have all be ripped to shreds!
You wanted attention, well guess what, You’ve got it now!
Tarp paviešintų duomenų yra ne tik komentarų sistemos vartotojų duomenys, bet ir Gawker Media darbuotojų elektroninio pašto adresų slaptažodžiai, bei ir pačios TVS failai bei kita informacija.
Gnosis “pranešimas spaudai” (Būtinai paskaitykite jei tema domina)
Paviešintus duomenis galima rasti The Pirate Bay, kadangi slaptažodžiai duomenų bazėje buvo koduojami, tad įsilaužėliams pavyko atkoduoti tik nesudėtingus, apie 188 tūkstančius.
After gaining access to gawkers MySQL database we stumble upon a huge
table containing ~1,500,000 users. After a few days of dumping we
decided that 1.3 million was enough.Gawker uses a really outdated hashing algorithm known as DES (Data Encryption Standard).
Because DES has a maximum of 8chars using a password like "abcdefgh1234" only the
first 8 characters "abcdefgh" are encrypted and stored in the database. If your
password is longer than 8 characters you only need to enter the first 8 characters
to log in!YA DONT SAY!! :D?
Because of this we were only able to recover the first 8 characters of someones password!
If the password is 8 characters long there’s a good chance that it migt be longer
than 8 characters! But still, there’s 1000’s of people using 1 – 8 character passwords
for us to have some fun with!We managed to crack ~200,000 hashes, if you want the rest of them cracking
DO IT YOUR FUCKING SELF! >:3
Gnosis teigia, jog jų veikla nesusijusi Operation Payback, o tiesiog norėta parodyti, jog Gawker ne taip ir pasirūpinęs saugumu kaip visi galvoja:
You would think a site that likes to mock people, such as gawker, would have better security and actually have a clue what they aredoing.
But as we’ve proven ,those who think they are beyond our reach aren’t as safe as they would like to think!
Tarp paviešintų duomenų radau ir savo paskirą, tiesa slaptažodis buvo neiškoduotas, bet jei ir būtų negalėčiau patikrinti ar tikras, nes nepamenu koks buvo 🙂
