Yeah, the site that originally had the usernames/passwords posted seems to be down (for me at least) right now. Other site is has closed public access to the forums, but the google cache is still up. More at http://www.elwood.net/post/32863299.
Myself, I am just sorry I waited a week to make it public. I thought the BSDnews people would be more on the ball then they turned out to be. Notice finally came out today after Evan posted the news and other sites picked up on it. I still don't understand why they were keeping plaintext passwords for all their users. -- Jim O'Gorman [EMAIL PROTECTED] http://www.elwood.net On Fri, Apr 25, 2008 at 4:32 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > FYI. > > [snip] > > Breach Description: > It appears that the BSDNews.com web site may have been compromised through > an exploit of a file named "bottom.php3", which was used by the site. The > attacker was able to access and download user account information. As of > the time of this writing, BSDNews.com is offline. > > [snip] > > More: > http://breachblog.com/2008/04/25/bsdnews.aspx > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > > wj8DBQFIEk34q1pz9mNUZTMRAtiOAKC87i4swNDK6pZz7oqcM86A9QIEugCfQGGc > fP6nWpdmonXHXqGuYL42RGo= > =gzQK > -----END PGP SIGNATURE----- > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. >
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
