---------- Forwarded message ---------- From: n3td3v <[EMAIL PROTECTED]> Date: Jan 20, 2008 10:34 PM Subject: Incident: High traffic social media sites being exploited To: n3td3v <[EMAIL PROTECTED]>
it appears hackers are exploiting high traffic social media sites right now by submitting sql query links as news stories pointing towards websites such as rhe RIAA. reports are already blaming digg and reddit for this act of crime, and i've noticed in the "upcoming" sections the malicious links. we should contact digg and reddit to get these links pulled, and to get digg and reddit's system to automatically identify these kind of links from getting past the submission stage. i want action taken about this issue of social media sites doing this to websites... this case is very serious and should be highlighted, we can't continue to allow sites like reddit and digg to do "legitimate" ddos and other exploitation attacks. the users have been posting links in the main anti riaa thread today thats currently on the frontpage and there are loads of other malicious links in the upcoming section. contact digg, and reddit and demand these links are removed from the main thread, and from the submitted links in the upcoming sections. someone like sans should be making sure this kind of thing is criminalized, and to get the message out to the security news wires to stop this crap and make sure people know this is socially unexceptable and illegal. im serious, this has been happening too many times on social media sites, but this si the most serious case so far. i'm asking for the security industry to clamp down on social media sites like digg and reddit and call for the owners to take rapid response to individuals and thread, links appearing on your site that are calling for social media site users to visit a link to exploit servers, and bring down websites and change site content. i want this kind of act finally made illegal and i want legal action taken if social media sites are not doing enough to remove threads, and upcoming links, that call for "legitmate attacks" of high profile websites such as the RIAA. i want publicity from the normal media sites to bring attention to this increasingly growing threat where malicious users area attacking sites for political purposes through reddit and Digg. I want the RIAA thread removed and I want all the malicious sql query and other links removed, i want the users posting the links banned from the site, and i want rapid response proactive measures taken by social media sites in the future to remove threads and users supporting website exploitation, by encouraging social media users to visit a site via carefully crafted web link. this issue cannot be shrugged off anymore, something has to be done and done right now by the site owners, the security industry and law enforcement agencies to get tighter controls of what can be left up on social media sites, even if a story is "popular" on the frontpage of these sites doesn't mean there is nothing wrong with leaving it there. this isn't the end of this matter, i'm e-mailing various people as i type this to bring attention to this case where the RIAA site was taken over because of digg and reddit's lack of caring or response that it was there users who are doing illegal acts for a poltical agenda, and everyone laughing thinking its funny and just thinking there is nothing illegal going on. just because your a social media site and people have voted for an article and made it popular doesn't mean its all right. expect this issue to addressed by the security industry very shortly via news articles,blogs and on mailing lists. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
