Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?
06/01/2011 Written by Marcelo Almeida (Vympel), Boris Mutina (Minor)
Last year Zone-H archived a sad record number: 1.419.203 website defacements.
Why and how is this happening?
If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and share misconfiguration are still at the top ranks of the attack methods used by the defacers to gain first access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.
Many years ago, Linux became the most used OS for webservers and, of course, the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by the defacers is CVE-2010-3301, which was fixed in 2007 and was mysteriously reintroduced in 2008 in a large pile of x86_64 kernel versions.
But are out-of-date Linux servers the only reason for this huge number of defacements?
Yes and no.
Notes on the Wikileaks case
10/12/2010 Written by Minor
First of all, we would like to emphasize that Zone-H is not related to any party in the Wikileaks case. We neither agree nor disagree with any action that happened; we just want to share our opinion on the forthcoming events. Many news media have already released information about the cables, the sources, how it happened, etc.
But now it is clear that Wikileaks will not stop publishing the cables. There are plenty of mirrors all around the globe, and information is shared over Facebook and Twitter. Also, the arrest of Julian Assange can’t stop the day-by-day publishing of the cables. The whole case raises more questions, some of which cannot be answered. Like the first one: how is it possible that Bradley Manning was able to get 250k cables? According to the Guardian article, he had “unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.
Defacements Statistics 2008 - 2009 - 2010*
27/05/2010 Written by Marcelo Almeida (Vympel)
When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly; this number keeps increasing year after year. For example, last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period.
What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are in web applications. We also know from what we monitored that registrar attacks have greatly increased over the past years, even if this number is quite low compared to the total number of attacks. But web applications are not the only ones guilty, as poor local system security at various web hosting providers usually allows crackers to get full access to the servers.
Twitter and Baidu hijacked by "Iranian Cyber Army"
13/01/2010 Written by Kevin Fernandez (Siegfried)
You probably read that story somewhere last month: on December 17, 2009 Twitter’s homepage was replaced by this message:
“Iranian Cyber Army
THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY
iRANiAN.CYBER.ARMY@GMAIL.COM
U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….
NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
Take Care.”
They “simply” hacked their registrar (dyndns) and modified their DNS entries.
Yesterday the Baidu homepage, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time register.com was the vulnerable registrar.
E2-labs' project Ethan dissected. Anatomy of a franchise proposal based on non-existing partnerships (UPDATED)
22/11/2009 Written by Roberto Preatoni
In case you didn’t understand, this is the solution of our *crypto* jeopardy game posted in the last news.
We received a notice that somebody uploaded an interesting document to WikiLeaks. It’s a PDF file called Project Ethan (after Tom Cruise’s Mission Impossible character?) and it refers to E2-labs’ very recent plans to open an educational and IT security franchise network in India. We downloaded the document and found some very interesting information in it regarding E2-labs’ future plans and how the name of Zone-H (and a few others) was used to back up the whole plan and convince possible investors to put money into Mr. Zaki Qureshey’s expansion plans. Needless to say, Zone-H was never informed about such plans and never gave any consent to be included in them.
The document is a financial investment proposal made up of 28 pages. It seems to be written by Grant Thornton, a well-known financial advisory company. We have no doubt that the document was originally produced by that company: it’s too well structured, and E2-labs and Zaki Qureshey definitely don’t possess the business skills to do that. Nevertheless, the document is filled with improper statements. We don’t think that Grant Thornton did it on purpose; we just imagine a situation where they were given some statements and material by Zaki Qureshey and took them as real, without verifying them. And that is bad; after all, the entire business proposal carries their name.
The result is a well-written document meant to attract possible investors, backed up by the Grant Thornton name, which sounds to the ears of possible investors like a guarantee that it refers to a serious proposal. This is probably the reason why E2-Labs’ Mr. Zaki Qureshey decided to invest some money to look for Grant Thornton’s advocacy. Just another case of using somebody’s name for his plans.
In this article, we are going to show some excerpts from that document, followed by some of our comments. Why did we decide to make this document public? Because that document is yet another example of Mr. Zaki Qureshey’s unethical business practices, because it directly involves my name and Zone-H’s name, and because this is the only way we have to make clear to the general public that we have nothing to do with Mr. Zaki Qureshey’s bogus proposals.