美国Web托管服务商Linode上周五向用户发出电子邮件通知,称发现可疑入侵行为,希望用户对密码进行重置。Linode当时还表示,没有发现用户数据被窃取。截然相反的是,黑客却声称已经取得Linode 所有信用卡号和密码Hash。据最新消息:代码片段和服务器目录已被黑客公开。(Linode 居然把加密信用卡使用的公钥和私钥放在了一起,简直不忍直视……)498)this.w
idth=498;' onmousewheel = 'javascript:return big(this)' style="width: 481px; height: 243px" border="0" alt="黑客声称已取得Linode所有信用卡信息" width="639" height="317" src="http://s1.51cto.com/wyfs01/M00/07/0E/wKioOVFuE7ew77mwAAC102RWYC4145.jpg" />这是4月15日的linode.log文件.'ryan_' is involved with HTP (a computer cracking collective).TL;DR version:05:10 < ryan_> https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc05:11 < ryan_> if that's not proof I don't know what isIf you are a linode customer, I strongly suggest reconsidering. Andchanging your banking credentials.(译:如果你是Linode的客户,我强烈建议你更换你的银行卡认证信息)。05:05 < ryan_> Hey I can tell you05:05 < ryan_> exact details of the attack05:05 < ryan_> manager.linode.com was br
eached with a coldfusion exploit05:05 < ryan_> it was compromised for a couple of weeks05:05 < kyhwana> I hope they're using b
crypt/similar, etc.05:05 < ryan_> we made a deal with linode staff not to share it05:05 < ryan_> kyhwana: sha256crypt05:05 < kyhwana> ryan_: god some proof?05:05 < shmoon> "we"?05:05 < kyhwana> s/d/t05:05 < kyhwana> heh05:05 < ryan_> they contacted law enforcement05:05 < ryan_> broke the deal05:05 < ryan_> kyhwana: the released database should serve as proof05:06 < ryan_> We will also release the logs of the linode staff who participated in this deal05:06 < shmoon> "WE"???05:06 < shmoon> who is we?05:06 < ryan_> of course they wouldn't have ever told you (customers) about it if we didn't tell them that we will release the data after we saw them contacting LE05:06 < ryan_> does it matter who is "we"?05:06 < ryan_> It's an entity I represent05:07 < drclawski> of course it matters who you represent05:07 < ryan_> you probably weren't targetted but doesn't stop us from releasing your credit card info since linode staff tried to fuck us over05:07 < shmoon> hm05:08 < drclawski> well, the way you talk right now I'm glad linode contacted law enforcement05:08 < shmoon> 05:08 < gerryvdm_mbp> ah, could change back to my original password after intermediary one!05:08 < Ruchira_> ryan_: got a link to that db where I can download it?05:08 < Ruchira_> :*05:08 < kyhwana> link 2 pastebin plz05:09 < ryan_> Ruchira_: not yet05:09 < mestri> this sounds so fishy05:09 < shmoon> credit card details were leaked ? 05:09 < chesty> full of it05:09 < ryan_> https://twitter.com/hacktheplanet05:09 < ryan_> you can follow there05:10 < ryan_> hey05:10 < ryan_> lets prove it this way05:10 < chesty> there's nothing there05:10 < Ruchira_> ryan_: gimme the db or GTFO05:10 < ryan_> https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc05:11 < ryan_> if that's not proof I don't know what is05:12 < mestri> hm i see.05:12 < Ruchira_> wow someone can right click and view source O_o05:12 < ryan_> Ruchira_: do you have the slightest idea on what you are talking about?05:12 < Ruchira_> yup05:12 < ryan_> well then, I wouldn't have the source code of any of those files, right?05:13 < ryan_> and why would I have the y_key_57284cb2de704e02.html file name?05:13 < ryan_> caker:{SHA}f6gtSn8vrtJfOr5BL73qur9pZjM=05:13 < ryan_> mgreb:{SHA}Rs6+t2AmP8Zk9Tt2L8V6KoF/p68=05:13 < ryan_> tasaro:{SHA}VX3HOGFij2T+vBPQsJziNeFih9s=05:13 < ryan_> restelow:kO8AB7F2vGeTY05:13 < ryan_> irgeek:{SHA}vB9kanV+A2b6YBHskkgrWPmDLhU=05:13 < ryan_> sschwertly:{SHA}MhAwd561ZtgAH2NgXLltvmWlgfQ=05:13 < ryan_> dariti:{SHA}qWfPCORks8jobCzOHX6BcX5FS+Q=05:13 < ryan_> bkaplan:{SHA}npf7EGrBJVP/L70h830WZcjBMP8=05:13 < ryan_> psandin:{SHA}tKrcBAD/mj25kX0MSrZKtWAbpRk=05:13 < kyhwana> why would there be random AMI bios ROMS in that htdoc?05:13 < ryan_> afolson:{SHA}udkD+S5jcqr66VDf6OgSxhHhbzQ=05:13 < ryan_> cron:{SHA}FFwIAcaqmbdxfVGfpoCtd4pva4Y=05:13 < ryan_> I wouldn't have those either05:14 < ryan_> I don't know05:14 < scottymeuk> kyhwana: even linode has random shit l
ying around like the rest of us 05:14 < ryan_> ask linode staff05:18 < ryan_> kyhwana: I just pasted admin hashes05:18 < ryan_> that should be enough05:19 < ryan_> and manager is on the same box as the main website05:19 < kyhwana> So what? anyone can make up hashes05:19 < ryan_> See http://www1.linode.com/manager/05:19 < AlexC_> The best thing to do is to wait for an official response from Linode, a follow up to their blog post05:19 < ryan_> kyhwana: yes and I can get all the files in their wwwroot?05:19 < ryan_> give me a name of a file
which source you want05:21 -!- mode/#linode [+b *!*ryan@54.228.197.*] by akerl05:21 -!- mode/#linode [+ntc ] by ChanServ05:21 -!- ryan_ was kicked from #linode by akerl [ryan_]05:22 < akerl> Sorry, I was busy nomming05:24 -!- ssthormess [~c9f90a58@chat.linode.com] has joined #linode05:24 < kyhwana> well, LEO involvement just imply CC breaches. If there's any chance of a CC breach, i'd like to know so I can change my CC number05:24 < AlexC_> chesty: If they don't, they're stupid (and I don't like using that word to describe Linode after being with them for years!)05:24 -!- ryan| [~violator@37.235.49.168] has joined #linode05:24 < ryan|> quite rude of you05:24 < Ruchira_> hi ryan!:05:24 -!- azizur [~rahmaa09@gatek.mh.bbc.co.uk] has joined #linode05:24 -!- mode/#linode [+b *!*@37.235.49.*] by akerl05:25 < ssthormess> anyone works for linode here?05:25 -!- ryan| was kicked from #linode by akerl [ryan|]05:25 < chesty> and the cover up begins05:27 -!- root__ [~h@vmx13318.hosting24.com.au] has joined #linode05:27 -!- root__ is now known as ryan||05:27 < chesty> http://seclists.org/nmap-dev/2013/q2/305:27 < ryan||> Quite rude out of you05:27 < ryan||> To ban me like that05:28 < ryan||> akerl: Mind sharing what motivated your bans on me?05:28 < ryan||> Did I offend you by sharing the truth?05:29 < ryan||> Hey, you didn't go by our deal. What did you expect?05:30 < ryan||> I had a nice deal with linode staff that they don't share the fact that they got owned with anyone and we won't release info on their hack05:30 < ryan||> (including customer credit cards)05:30 < ryan||> which will now be released05:30 < AlexC_> ryan||: This is best sorted between you and Linode, if you could just let this channel get on to normalilty and support users that'd be great05:31 < ryan||> AlexC_: oh, but it's users data at stake here05:31 < scottymeuk> ryan||: if your going to release it, then why are you here? Nothing we can do to stop you.05:31 < ryan||> scottymeuk: why can't I stop by and talk05:31 < ryan||> Is that illegal?05:32 < ryan||> ssthormess: you don't care about the fact that it took linode staff about two weeks to tell their customers about the breach?05:33 < ssthormess> ryanll: no. I work with Citibank Chase and Bank of America and all three have zero customer liability.05:33 < Ruchira> ryan||: give us the link to cold fusion vulnerability that you are talking about 05:34 < ryan||> Ruchira: 0day05:34 < ryan||> linode staff apparently failed to deduce it themselves and relied on
chmodding CFIDE to 00005:36 < ryan||> (It's surprising that anyone is still running coldfusion, that's like connection a windows 98 box to the internet without a firewall)05:36 < ryan||> ssthormess: did you
reset your instance api keys?05:36 < ryan||> lish keys too?05:36 < ssthormess> ryanll: how I do that?05:37 < ryan||> Do you care about your data integrity?05:37 < ryan||> would you mind if your linode was hacked?05:37 < kyhwana> ohnoes, you have a public key!05:37 < ryan||> kyhwana: lish passwords were stored in plain text05:38 < ryan||> Last time I checked you couldn't disable password authnetication05:38 < ryan||> and linode staff didn't properly secure the screen setup lish uses so it allowed breaking out of lish to the host environment05:38 < ryan||> so someone using the same node as you being compromised would be enough for your server to be compromised05:38 < kyhwana> and who leaves a login into their box logged in on lish eh?05:38 < ryan||> Does it matter when you can break out to the host environment?05:39 < ryan||> And unless you changed your api key, someone can just change your boot configs to init=/bin/bash05:40 < gerryvdm_mbp> lish passwords were saved in plaintext?05:40 < ryan||> Yep05:40 < ryan||> so were the api keys (which could at least have been hashed)05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security05:42 < AlexC_> If this is true, which I'm guessing it is, it's like finding out a good friend of many years has betrayed you I deeply hope that Linode provide full transparency on this05:42 < gerryvdm_mbp> are they hashed now?05:42 < ryan||> AlexC_: did they provide any transparency on the previous hacks?05:42 < ryan||> gerryvdm_mbp: probably not05:43 < AlexC_> ryan||: Not entirely, which was just wonderful05:43 < ryan||> I don't know, but seeing how long it took for linode staff to detect us. I doubt it05:43 < gerryvdm_mbp> i can understand php script kiddies storing passwords as plaintext, but a hoster.... that would be quite shocking05:43 < AlexC_> But if they don't give details this time, they are going to have to do something incredilble to keep me as a customer05:43 < ryan||> Well linode also had terribly
configured coldfusion05:43 < Ruchira> ryan||: I dont think linode would ever store lish passwords on plain text. 05:44 < ryan||> (adobe
manuals tell you to not allow public access to /CFIDE/, which linode did)05:44 < ryan||> Ruchira: oh but they did05:44 < gerryvdm_mbp> ryan|| how do you know this?05:44 < scottymeuk> gerryvdm_mbp: im pretty sure its one of the first things even script kiddles learn 05:44 < ryan||> Because I'm one of the people who hacked it?05:44 < Ruchira> ryan||: proof?05:45 < gerryvdm_mbp> you cant be a professional and not knowing how even hashing with salts is such a bad idea, but plaintext... that would be several levels of incompetence05:45 < ryan||> The zine is scheluded to be released on the first of may which will contain the full database05:45 < ryan||> Ruchira: I can get you the source code of the script that stores lish passwords05:45 < ryan||> sec05:45 < db> ryan||: which zine?05:45 < ryan||> let me find it, coldfusion is horrible to read05:45 < ryan||> db: htp505:47 < Ruchira> ryan||: first of the may? why?05:47 < ryan||> Ruchira: due to other content05:48 -!- ryan|| [~h@vmx13318.hosting24.com.au] has quit [autokilled: This host violated network policy. Mail support@oftc.net if you think this in error. (2013-04- 15 09:48:28)]05:48 < chesty> how has he violated network policy?05:48 < shmoon> even i am wondering05:49 < kyhwana> hacked box, obviously05:49 < scottymeuk> Because they want to try and hide it?05:49 < AlexC_> Not cool Linode, not cool05:49 < shmoon> man even i am afraid now :S05:49 -!- ryann [~25eb31a8@chat.linode.com] has joined #linode05:49 < Ruchira> wow 05:49 < ryann> Why are people so rude nowadays05:49 < ryann> glining me like that and stuff05:49 < ryann> Well akilling, little difference05:50 < chesty> someone doesn't want the truth to be known05:50 < ryann> Generally having to ban users is a clear sign of incompetence by the staff05:50 < AlexC_> Yep, which is *very* bad of Linode05:51 < AlexC_> I understand they may not want someone to disclose details like this, but the details *need* to come out. If Linode don't do it them selves, then they are fools05:51 < ryann> If linode had any way of proving that I'm not telling the truth they wouldn't be banning me05:51 < ryann> they'd be calling me out05:51 < chesty> ryann: so my linode has FDE, do you need to reboot in order to break in?05:51 < Ruchira> all the staff should be eyeing on this chat right now lol 05:51 < mikegrb> lulz05:51 < ryann> chesty, not necessary05:52 < AlexC_> Ruchira: I assume due to the lack of their presence, they are all huddled around a table discussing this05:52 < ryann> FDE will make it significantly harder, but you can still access the memory while it's running05:52 < rww> except for mikegrb, who is dilligently sitting here typing "lulz" every so often05:52 < rww> (yes, I know)05:53 < chesty> ah well, i made it harder, so I'm happy05:53 < ryann> btw05:53 < ryann> $dbhost = 'newnova.theshore.net';05:53 < ryann> $dbname = 'linode_forums';05:53 < ryann> $dbuser = 'linode';05:53 < ryann> $dbpasswd = 'cfr41qa';05:56 < ryann> gdi can't linode just use some normal language05:56 < ryann> Their
current source is horrible to read trough05:56 < Ruchira> ryann: the shore was abandoned long time ago. Im wondering why would they use that host name for a db host 05:57 < ryann> Ruchira, the forum is pretty old too05:57 < ryann> phpbb205:57 < ryann> <cfif ListLen(cgi.script_name, "/") gt 2 AND ListGetAt(cgi.script_name, 2, "/") eq "linode" AND NOT ListFind("index.cfm,linode_edit.cfm, linode_resize.cfm,label.cfm,cancel.cfm,dc_choose.cfm,su.cfm,pastdue.cfm", ListGetAt(cgi.script_name, 3, "/"))> <cfinclude template="/members/linode/common /dsp_topNav.cfm"> </cfif>05:57 < ryann> this code05:57 < ryann> It's so dirty I feel bad reading it05:58 < AlexC_> ryann: People have been bugging them to upgrade the forums for a long time05:59 < ryann> I like how linode does stuff like this05:59 < ryann> manager/controllers/Signup.cfc: var lsd = query("getLinodeSignupData", "SELECT FieldName, Fieldvalue FROM ln_LinodeSignupData WHERE LinodeSignupID = #ls.LinodeSignupID#").recordSet;05:59 < ryann> var lsd06:00 < AlexC_> ryann: So, are you saying CC details have also been compromised?06:00 < ryann> Yep06:00 < AlexC_> ryann: And you plan on releasing these?06:00 < ryann> They did try to encrypt them, but using public key encryption doesn't work if you have the public and private key in the same directory06:00 < AlexC_> Oh linode06:00 < shmoon> please dont get me wrong, can you hack someone's box here? so that its compeltely proved or something, i need to ge tback to work too. dont hack mine.06:00 < ryann> AlexC_, probably. Linode didn't hold on to their part of the deal06:01 < AlexC_> ryann: Sure, but there is no reason to compromise so many people06:01 < Ruchira> ryann: money deal?06:01 < ryann> Ruchira, "We won't share if you don't share"06:02 < ryann> But they contacted law enforcement, we were monitoring their communications and caught onto that though06:02 < Ruchira> so whats the point of hacking linode then?06:02 < ryann> Access to a couple of clients06:02 < ryann> nmap was just funny06:02 < Ruchira> bitcoin?06:02 < ryann> If I wanted bitcoins, I'd have went after softlayer and got mtgox06:02 < ryann> But money's boring06:03 < scottymeuk> Money is boring, i agree.06:03 < gerryvdm_mbp> bitcoin is money?06:03 < ryann> Well, it's not06:03 < scottymeuk> gerryvdm_mbp: naa06:04 < ryann> But what would you do with it besides exchange it to money?06:04 < scottymeuk> ryann: try to buy a linode on IRC06:04 < gerryvdm_mbp> store it 06:04 -!- ryann [~25eb31a8@chat.linode.com] has quit [Quit: CGI:IRC]06:05 -!- ryannn [~25eb31a8@chat.linode.com] has joined #linode06:05 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has joined #linode06:05 < ryannn> Bitcoins are quite useless, and besides storing bitcoins after stealing everything from mtgox would be pointless06:05 < Ruchira> ryannn: for what kind of "content" that you are waiting for?06:05 < ryannn> as bitcoin prices would permanently crash as the last bits of trust are gone06:06 < ryannn> Ruchira, other targets06:06 < Ruchira> to release it on may 106:06 < gerryvdm_mbp> only use i can think of it is exchanging pure services 06:06 < gerryvdm_mbp> but then again its an unnecessary layer06:06 < scottymeuk> gerryvdm_mbp: if it ever got mainstream, governments would find a way to control it anyway, so its pointless06:07 < gerryvdm_mbp> its a scheme, it cant get mainstream06:07 < ryannn> Bitcoins are mostly a lie anyways06:07 < scottymeuk> Regardless, if it got 'big', they would find a way06:07 < ryannn> They say there's no 'central weak point'06:07 < ryannn> Yeah there is, there's the developers06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.06:08 < ryannn> Nobody would figure it out until it's too late06:10 < scottymeuk> Id rather a bank control my money, so that if it all goes fucked up, there is atleast someone to blame.06:15 < gkmngrgn> hello, i forgot my password and linode's email reminder service doesn't work. i checked spam box but there's no email from linode.06:15 < shmoon> ryannn: can you give him the password?06:15 < scottymeuk> shmoon: damn you, you beat me to it!06:23 < ryannn> shmoon, sorry I only have the sources on my server06:23 < ryannn> db is on my desktop06:24 < scottymeuk> ryannn: so your not in this to do large scale damage, only after a few clients?
黑客声称已取得Linode所有信用卡信息
时间: 2024-10-21 11:57:30
黑客声称已取得Linode所有信用卡信息的相关文章
16岁黑客受指使盗窃6000张境外信用卡信息
通讯员 王夏迎 昨日,上海市长宁区http://www.aliyun.com/zixun/aggregation/31896.html">人民法院少年庭判决一起窃取.非法提供信用卡信息罪案件,16岁的被告人赵晨晨在 他人授意下攻击数个日本购物网站,窃取了6000余张信用卡信息,非法获利22000 余元,被判有期徒刑两年,缓刑两年,并处罚金20000元. 拜黑客为师"学艺" 赵晨晨是一所高职学校信息技术专业的学生,平常对专业勤于钻研,经常和 网友讨论.两 三年前,赵晨晨加
16岁黑客狂窃信用卡信息被判刑两年
中新网上海5月3日电(记者 陈静)记者今日获悉,上海长宁法院少年庭判决一起窃取.非法提供信用卡信息罪案件,年仅16岁的被告人赵晨晨在他人的授意下攻击数个日本购物网站,窃取6000余张信用卡信息,非法获利2万2千余元,被判有期徒刑两年,缓刑两年,并处罚金两万元. 赵晨晨是一所高职学校信息技术专业的学生,平常对专业勤于钻研,并在网络上结交各路好友,探讨"黑客"技术.据赵晨晨母亲说,他不喜欢出门与人沟通,天天埋在电脑前,是个典型的宅男. 两三年前,赵晨晨加入了一个黑客qq群,拜了一名&quo
少年黑客窃取信用卡信息被判有期徒刑两年
记者 周柏伊 通讯员 王夏迎 晚报讯 昨天,长宁法院少年庭判决一起窃取.非法提供信用卡信息罪案件,16岁的赵晨晨在他人的授意下攻击数个日本购物网站,窃取6000余张信用卡信息,非法获利2万2千余元,被判有期徒刑两年,缓刑两年,并处罚金两万元. 赵晨晨是一所高职学校信息技术专业的学生,喜欢和网友探讨"黑客"技术.据赵母说,赵晨晨天天埋在电脑前,是个典型的宅男.两三年前赵晨晨加入一个黑客QQ群,拜了一名"师父". "师父"给他讲授了许多黑客攻击的&q
DT科技评论第18期:黑客通过猜测Visa信用卡信息在六秒钟盗刷
DT科技评论 Data Technology Review 第 18 期 人民网研究院,阿里云研究中心 本期目录 Tenable 发布全球安全指数 川普表示软银将在美投资500亿美元 谷歌向公众开源AI训练平台 苹果宣布要对外公布AI研究成果 黑客通过猜测Visa信用卡信息在六秒钟盗刷 微软人工智能为盲人描述Word和PPT图像 Amazon Go免排队商店 微软开放Holographic,Hololens明年入华 美政府用一美元纸币打造出白宫之景 本田明年展示"有情感&qu
土耳其黑客因窃取信用卡信息被判入狱334年
土耳其一家法庭日前判决一名26岁的土耳其黑客入狱135年.该名黑客之前在2013年已获刑199年,两次判罚加在一起,他将面临334年的刑期. 这名黑客名叫奥努尔·科普卡克(Onur Kopcak),他的被控罪名是"大规模银行诈骗".他昨日承认自己窃取并出售了11套信用卡的资料. 科普卡克正在狱中服刑,他在2013年时与另外11名黑客因为窃取了43套信用卡的资料而被判入狱.他们主要是利用伪造银行网站的方式来获取受害人的登录信息. 与他犯下的罪相比,如此长的刑期似乎有些不合理,但这或许从某
出门刷卡要小心!一种可以从POS机终端收集信用卡信息的恶意软件出现了
本文讲的是出门刷卡要小心!一种可以从POS机终端收集信用卡信息的恶意软件出现了,Neutrino与其他恶意软件研发者一样,都希望他们所研发的恶意软件能够长期地被黑客利用并占据一定的市场份额,所以Neutrino不断出现新的变体就不足为奇了.其中比较知名的是Zeus,卡巴斯基实验室将其检测为Trojan-Spy.Win32.Zbot,每年都会产生新的变异.另外像Mirai,NJRat,Andromeda等恶意软件家族也都发展的比较迅猛. 在本文中,专家们会分析一种非常特殊的Neutrino变异体,
网信办回应信用卡信息泄露:要尽快立法
新华社"新华视点"栏目1月11日播发了<你的信用卡个人信息"只花5毛钱就能在网上买到"?--银行信用卡信息泄露调查>报道,引发社会广泛关注. 国家互联网信息办公室相关负责人接受"新华视点"记者专访时回应,针对个人信用卡等信息网络泄漏问题,我国将加快研究制订个人信息保护相关法律,加大对非法收集.泄露.出售个人信息行为的打击力度.监管部门还向社会公布了居民信息泄漏举报渠道:公民可通过"12377"举报电话等多种方式维权
从携程信用卡信息泄露事件谈网上支付安全
最近携程被爆信用卡信息泄露事件,事件内容:http://www.wooyun.org/bugs/wooyun-2010-054302 携程声明:http://pages.ctrip.com/commerce/promote/201403/other/xf/index.html 各种互联网大公司网站各种漏洞:http://www.wooyun.org/index.php 首先,用户通过携程订票在支付时,会将自己的信用卡支付信息在携程的页面中填写好,然后携程通过银行给的接口将表单信息传送给银行进行验
携程信用卡信息泄露的五个基本问题,别拿PCI DSS说事!
携程信用卡信息泄露事件昨日曝光后持续发酵,由于携程用户数量巨大,且在在线旅游业OTA行业树大招风,各路好汉番茄鸡蛋一起招呼,使得此事件大有闹剧化和狗血化趋势.一些不明真相的群众受到别有用心的煽动,开始对用卡安全产生担忧,以下安全牛不代表任何一方利益,仅仅摆一摆几个基本事实和问题: 一.在乌云平台上曝光的携程漏洞是什么? 携程用于处理用户支付的安全支付服务器接口存在调试功能,将用户的支付记录用文本保存了下来.同时因为保存支付日志的服务器未做校严格的基线安全配置,存在目录遍历漏洞,导致所有支付过程中