|
|
|
|
| |
The web site known as rootshell.com, was defaced on Wensday morning. The hack was noticed around 6:00am PST, when a user entered the web site and noticed that instead of the normal welcome page, there stood a strange text message.
The web site was allegedly hacked via the SSH daemon, which caused some alarm at many security agencies, due to the fact that most companies use SSH because of it is know to be highly secure. |
| |
Credit:
Rootshell.com's home page is: www.rootshell.com.
SSH's home page is: www.ssh.fi.
IBM's Emergency Team's home page is: http://www.ers.ibm.com/.
|
| |
Rootshell.com, a well known web site was found to be defaced with strange "encrypted" message (the hacked version can be found at: http://www.rootshell.com/hacked_sites/www.rootshell.com/). It was first speculated that hackers might have entered via any of following services which ran on the server: ssh, qmail and apache. This in turn became an "attack" against SSH which was the prime suspect (After every other service seemed to be unexplainable).
This caused IBM to post out an alert for a possible exploitable vulnerability in SSH's logging functions. Later it was revealed that the exploit was unreproducible and which made it unlikely that this was the exploit used to enter Rootshell.com (IBM also denounced the alert) , SSH Communication Security later revealed that there might be a possible exploit the way SSH handles kerberos based requested. But still the mystery of how Rootshell.com was hacked stays.
|
|
|
|
|
|
|
|
|
|
