Lisa Kachold
2011-02-11 08:04:48 UTC
We have had a regular problem with the same LAYME hackfest announcement
(that had been edited in a vandalized way at some point last year) being
replaced over current Hackfest news and updates, even sometimes minutes
after the page has been changed by our group.
At one point the day of the week kept being changed.
We believe this is someone with admin access who is hijacking regular users
to obfuscate their own access. Recently the log entries have been deleted
also. For instance I have edited the page 4 times in the past week, even
deleting it completely and it keeps reverting back to the same old content.
NOTE: I have blocked the user ***@godaddy.com due to page edits to the
Hackfests listings (always returning it to the same old listing) that now
strangely contained UTF-8 and other unusual content.
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3195>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3195/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3193>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3193/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
HackFest - Linux Security Team <http://plug.phoenix.az.us/node/2459> Event
obnosis <http://plug.phoenix.az.us/user/476>published
edit<http://plug.phoenix.az.us/node/2459/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Linux Security Team Lab <http://plug.phoenix.az.us/node/3144>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3144/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Linux Security Team LAB <http://plug.phoenix.az.us/node/3112> Event
godaddy.com <http://plug.phoenix.az.us/user/490>published
edit<http://plug.phoenix.az.us/node/3112/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3142>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3142/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Remote Linux Administrator Entertainment Company
California<http://plug.phoenix.az.us/node/3141>
Pageobnosis <http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3141/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3140>
Eventobnosis<http://plug.phoenix.az.us/user/476>
published
Ted Weis
Technical Recruiter
Godaddy.com
480-366-3643
User godaddy.com was not an admin - so someone with admin access might have
escalated this access, then used this entry to edit from, and then returned
it back to basic. Those actions were not logged.
Updating log settings now; checking for backup/restore actions also.
Here's the OUTDATED VERSION that keeps getting placed back in print; it's
possible that someone has a site setup to restore this version BACK over
this content, say from Ryan's or Tuna's sites?
Monthly security presentation labs, with open community participation occur,
on the Second and Third Saturday of every month in Chandler at
Ganglplankhq.com. This interactive lab and presentation format covers
industry news, specific protection issues in linux, ongoing industry tool
development, RFC scripts, exploits and net neutrality.
Ethical and legal, as well as liability aspects of security testing are
covered as we investigate the strange world of computer insecurity from our
powerful Penguin perspectives.
One of the agreed upon HackFest goals is to put together a hackfesting team
interested and good enough to compete at DefCon.
Hackfests are specially scheduled demonstrations that include open member
participation hacking, cracking, exploits and IDS. Quarterly Hackfests are
open encroachment events with designated targets, to include shared network
insecurity of the most extreme style. Participation Hackfests therefore
require pre-registration. Extensive setup and tear down, forensics and IDS
are required by volunteers, therefore Hackfests are limited to make the best
experience for all attendees.
Hack test your installations, networks, and program source using Linux
Security distro tools. (Arrangements are happily accepted to coordinate
extra credit with local College teachers.)
Meeting facilities generously provided by
Gangplankhq.com<http://maps.google.com/maps?q=gangplank&hl=en&cd=1&ei=zDpKTM67G4PuoATj_syBAQ&sig2=B2Mqr-poIoyMVyvbifmnig&sll=33.302903,-111.778878&sspn=0.009531,0.150703&ie=UTF8&view=map&cid=8705411617655272523&ved=0CCAQpQY&hq=gangplank&hnear=&ll=33.299973,-111.841673&spn=0.003847,0.007183&t=h&z=18&iwloc=A>in
Chandler.
Plan on being able to use live CDs, or USB jump drives to follow along, if
you bring your laptop to monthly presentations, open network access is
unlimited. All network equipment is monitored for security and all attendees
agree to announce each flag and notify someone with Gangplank or PLUG of any
security encroachment or aggressive exploits outside of our stated missions.
There is an open call for Samari, DVL, Backtrack or other Security Distro
(subject) presentations and participants, especially for IDS and forensics
during Quarterly HackFests.
Vaio presentation system generously provided by obnosis<http://www.obnosis.com/>
.
September's BT4 (Kachold) Presentation <http://www.obnosis.com/bt4.html>
October's 802.11 Wireless BT4 (Kachold)
Presentation<http://www.obnosis.com/Layer8Wireless.html>
November's SSLStrip MP4 (Fields)
PresentationA<http://www.obnosis.com/SSLStrip.MP4>
SSLStrip PPT (Fields) PresentationB <http://www.obnosis.com/SSLstrip.ppt>
Please see http://www.linuxgazette.com July "Layer 8 Linux Security"
Puppet article for the lab presentation materials.
http://linuxgazette.net/165/kachold.html
(that had been edited in a vandalized way at some point last year) being
replaced over current Hackfest news and updates, even sometimes minutes
after the page has been changed by our group.
At one point the day of the week kept being changed.
We believe this is someone with admin access who is hijacking regular users
to obfuscate their own access. Recently the log entries have been deleted
also. For instance I have edited the page 4 times in the past week, even
deleting it completely and it keeps reverting back to the same old content.
NOTE: I have blocked the user ***@godaddy.com due to page edits to the
Hackfests listings (always returning it to the same old listing) that now
strangely contained UTF-8 and other unusual content.
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3195>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3195/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3193>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3193/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
HackFest - Linux Security Team <http://plug.phoenix.az.us/node/2459> Event
obnosis <http://plug.phoenix.az.us/user/476>published
edit<http://plug.phoenix.az.us/node/2459/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Linux Security Team Lab <http://plug.phoenix.az.us/node/3144>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3144/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Linux Security Team LAB <http://plug.phoenix.az.us/node/3112> Event
godaddy.com <http://plug.phoenix.az.us/user/490>published
edit<http://plug.phoenix.az.us/node/3112/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3142>
Eventobnosis<http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3142/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Remote Linux Administrator Entertainment Company
California<http://plug.phoenix.az.us/node/3141>
Pageobnosis <http://plug.phoenix.az.us/user/476>
publishededit<http://plug.phoenix.az.us/node/3141/edit?destination=admin%2Fcontent%2Fnode%3Fpage%3D7>
Hackfest - Security Lab <http://plug.phoenix.az.us/node/3140>
Eventobnosis<http://plug.phoenix.az.us/user/476>
published
Ted Weis
Technical Recruiter
Godaddy.com
480-366-3643
User godaddy.com was not an admin - so someone with admin access might have
escalated this access, then used this entry to edit from, and then returned
it back to basic. Those actions were not logged.
Updating log settings now; checking for backup/restore actions also.
Here's the OUTDATED VERSION that keeps getting placed back in print; it's
possible that someone has a site setup to restore this version BACK over
this content, say from Ryan's or Tuna's sites?
Monthly security presentation labs, with open community participation occur,
on the Second and Third Saturday of every month in Chandler at
Ganglplankhq.com. This interactive lab and presentation format covers
industry news, specific protection issues in linux, ongoing industry tool
development, RFC scripts, exploits and net neutrality.
Ethical and legal, as well as liability aspects of security testing are
covered as we investigate the strange world of computer insecurity from our
powerful Penguin perspectives.
One of the agreed upon HackFest goals is to put together a hackfesting team
interested and good enough to compete at DefCon.
Hackfests are specially scheduled demonstrations that include open member
participation hacking, cracking, exploits and IDS. Quarterly Hackfests are
open encroachment events with designated targets, to include shared network
insecurity of the most extreme style. Participation Hackfests therefore
require pre-registration. Extensive setup and tear down, forensics and IDS
are required by volunteers, therefore Hackfests are limited to make the best
experience for all attendees.
Hack test your installations, networks, and program source using Linux
Security distro tools. (Arrangements are happily accepted to coordinate
extra credit with local College teachers.)
Meeting facilities generously provided by
Gangplankhq.com<http://maps.google.com/maps?q=gangplank&hl=en&cd=1&ei=zDpKTM67G4PuoATj_syBAQ&sig2=B2Mqr-poIoyMVyvbifmnig&sll=33.302903,-111.778878&sspn=0.009531,0.150703&ie=UTF8&view=map&cid=8705411617655272523&ved=0CCAQpQY&hq=gangplank&hnear=&ll=33.299973,-111.841673&spn=0.003847,0.007183&t=h&z=18&iwloc=A>in
Chandler.
Plan on being able to use live CDs, or USB jump drives to follow along, if
you bring your laptop to monthly presentations, open network access is
unlimited. All network equipment is monitored for security and all attendees
agree to announce each flag and notify someone with Gangplank or PLUG of any
security encroachment or aggressive exploits outside of our stated missions.
There is an open call for Samari, DVL, Backtrack or other Security Distro
(subject) presentations and participants, especially for IDS and forensics
during Quarterly HackFests.
Vaio presentation system generously provided by obnosis<http://www.obnosis.com/>
.
September's BT4 (Kachold) Presentation <http://www.obnosis.com/bt4.html>
October's 802.11 Wireless BT4 (Kachold)
Presentation<http://www.obnosis.com/Layer8Wireless.html>
November's SSLStrip MP4 (Fields)
PresentationA<http://www.obnosis.com/SSLStrip.MP4>
SSLStrip PPT (Fields) PresentationB <http://www.obnosis.com/SSLstrip.ppt>
Please see http://www.linuxgazette.com July "Layer 8 Linux Security"
Puppet article for the lab presentation materials.
http://linuxgazette.net/165/kachold.html
--
(503) 754-4452
(623) 688-3392
http://www.obnosis.com
*Catch My MetaSploit & IP CAM Surveillence
Presentations @ ABLEConf.com in April!*
(503) 754-4452
(623) 688-3392
http://www.obnosis.com
*Catch My MetaSploit & IP CAM Surveillence
Presentations @ ABLEConf.com in April!*