HTP hacks .edu systems
Posted by: TimW on 05/14/2013 02:47 PM
Hack The Planet (HTP) has claimed responsibility for hacking the MIT computer systems in January. Its mischief included redirecting email traffic and obtaining admin access to all .edu domains. The group also claims to have hacked web servers for other sites, including those of the security tool Nmap, the network security service Sucuri, Trend Micro and the network analysis tool Wireshark.
The attacks used zero-day exploits against a vulnerability in the MoinMoin wiki system, along with exploits against ColdFusion 9 or 10 and an attack against Linode.
Unlike LulzSec, which just plasters the internet with everything it discovers online, HTP is more interested in bragging rights for its activities. It publishes them in old-school zines that describe its deeds, some of which include access to servers hosting the Nagios, Mono, Pastie and SQLite projects. 7500 .edu records have been published together with unsalted MD5 passwords. Plain text accounts for about half of the passwords. It's expected that the rest of the salted passwords will be published as plain text.
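The point of "unsalted MD5" in the dump above is that identical passwords produce identical hashes, so one cracked hash reveals every account that shares the password, and precomputed tables work across the whole dump. The example below is added here and is not code from the original post or from HTP: it audits a constructed set of records in an assumed "user:md5hex" layout, reports hashes shared by several accounts as a finding, and shows the salted, iterated PBKDF2 format a defender would migrate such a store to. The record layout, field names and sample addresses are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample records (assumption: one "user:unsalted-md5-hex" per line;
# this is not the layout of the real dump). Two users share a password, and one
# line is malformed to show that the parser skips it.
SAMPLE_RECORDS = [
    "alice@example.edu:5f4dcc3b5aa765d89ba1a3c2bdba0bb7",  # md5("password")
    "bob@example.edu:5f4dcc3b5aa765d89ba1a3c2bdba0bb7",    # same password, same hash
    "carol@example.edu:e10adc3949ba59abbe56e057f20f883e",  # md5("123456")
    "malformed line without a hash",
]

HEX = set("0123456789abcdef")


def parse_records(lines):
    """Split 'user:hash' lines into (user, hash) pairs, skipping malformed ones."""
    out = []
    for line in lines:
        user, sep, digest = line.strip().partition(":")
        digest = digest.lower()
        if sep and user and len(digest) == 32 and set(digest) <= HEX:
            out.append((user, digest))
    return out


def duplicate_hash_groups(records):
    """Return {hash: [users]} for every hash shared by more than one account.
    With unsalted hashes a shared hash means a shared password."""
    groups = {}
    for user, digest in records:
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


def audit(lines):
    """Summarise how exposed an unsalted-MD5 store is to one cracked hash."""
    records = parse_records(lines)
    dups = duplicate_hash_groups(records)
    return {
        "records": len(records),
        "shared_hashes": len(dups),
        "accounts_sharing_a_hash": sum(len(u) for u in dups.values()),
    }


# Migration target: per-user random salt plus an iterated hash, so equal
# passwords no longer give equal hashes and each guess must be recomputed.
PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Produce a self-describing 'pbkdf2_sha256$iterations$salt$digest' string."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print(audit(SAMPLE_RECORDS))
    print(duplicate_hash_groups(parse_records(SAMPLE_RECORDS)))
    print(hash_password("example-only"))
```

The audit reports the alice/bob pair as one shared hash covering two accounts; after migration the same password hashed for two users yields two different strings because each gets its own salt, which is exactly what the leaked format lacked.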
A mole is apparently associated with the group, as they claim that they have accessed the informant's webcam and seen an FBI observer apparently giving instructions. Because of the published exploits, administrators are being warned to keep an eye out for unusual activity over the next few days.
ColdFusion's vulnerability has already been addressed by Adobe, and users are encouraged to apply the fix as soon as possible. The MoinMoin exploit appears to be directed against the vulnerability fixed in version 1.9.6 (CVE-2012-6081). Thomas Waldmann, who is responsible for security patches at MoinMoin, states that MoinMoin 1.9.6 and later, as well as all third-party packages (e.g. from Linux distributors) patched with reference to CVE-2012-6081, are not vulnerable to the exploit.