Dan Kaminsky gets hacked

Noted security professional Dan Kaminsky’s personal website was hacked into and personal information was stolen from his webserver and posted online on the eve of the Black Hat security conference. The stolen files included private emails between Dan and other security researchers.

Following is the cached result of Dan Kaminsky’s website which is currently offline.

Dan Kaminskys personal website hacked
Dan Kaminsky's personal website hacked

According to the note the hackers left on Dan’s website on doxpara.com/zf05.txt,

We hacked Dan’s assets first through finding bugs and writing 0day, and then through abusing him giving away passwords and his silly password scheme. Check out just some of his passes: fuck.hackers, 0hn0z (root account on his mail box), fuck.omg, fuck.vps, ohhai

Five character root password? Niiiiiiice.

From .mysql_history:

SET PASSWORD FOR ‘root’@’localhost’ = PASSWORD(’fuck.mysql’);

See the pattern?

The hackers also criticized Dan for using insecure blogging and hosting services that they used to host their websites and in turn allowing access to their personal data.

If you looked at Dan’s website, he used WordPress as his Content Management Solution and used the Dropshadow wordpress theme developed by Brian Gardner.

Dan Kaminsky using WordPress as his CMS
Dan Kaminsky using WordPress as his CMS

Looking at the theme, the last development occurred around April 2007. Could the hackers have used some vulnerability in the theme itself or did Dan have an insecure version of WordPress installed on his webserver? Either case, if you are using WordPress as your content management solution, it is important to think about WordPress security.

Similar Posts:

    1. Well, it just means that sometimes the best of the security gurus are vulnerable to the same kind of exploits and threats as everyone else. Guys like Dan Kaminsky and Kevin Mitnick who consult and provide security services to individuals or corporations to protect against these kind of attacks are also susceptible. It also means that there is no such thing as 100% secure and there is always room to improve and step up your security.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.