Rik Ferguson, senior security advisor at Trend Micro, wrote on the Countermeasures blog that a group calling itself Anti-Sec exploited the site with a declaration posted to the full-disclosure mailing list.

Ferguson said: “The effect of the attack was to replace many of the hosted images with a single (amusingly titled) image containing the Anti-Sec manifesto. ImageShack was a particularly effective site to target as so many third-party sites use images that are actually hosted on ImageShack.”

The declaration claimed that Anti-Sec is a ‘movement dedicated to the eradication of full-disclosure’ and it wanted to give everyone an image of what it was about.

The statement read: “Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software and auditing services.

“It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.”

ImageShack responded by acknowledging that it was compromised by a hacking group. A statement on the site said: “On July 10th, at approximately 8 pm PST, ImageShack's services were compromised by a hacking group. Within a minute, our security systems had identified suspicious activity. We learned that the group had gained control of how images were being displayed. Before 9 pm PST, normal functionality had been restored to user images. No user data or content was damaged or lost.”

It claimed that only a fraction of the servers were affected, so it was able to isolate and remove the issue very quickly. It also claimed to be actively conducting a full audit of its security measures and was hardening its systems.

“It is Anti-Sec's belief, it seems, that the security industry supports full-disclosure (of things like vulnerabilities that lead to zero-day exploits, for example) because it allows the industry in general to develop scare tactics aimed at generating profits,” said Ferguson.

“No mention then of the security industry designing proactive protection mechanisms to help people and businesses avoid serious financial and personal damage? No mention of full-disclosure allowing security organisations to mitigate against attacks before they are exploited in the wild? No mention of organised crime profiting from undisclosed vulnerabilities?

“Even though I'm usually a sucker for a manifesto, this just made me think of the wacky end of the survivalist spectrum, heading for the hills with their tins of beans and their AK-47s (and now SQLi).”

See original article on scmagazineuk.com