lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 18 Sep 2007 03:53:56 +0100
From: <auto176343@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Media Defender pwned big time

After the email leak[1], a phone call was leaked[2], allegedly 
between Ben Grodsky of Media Defender and New York State General 
Attorney.

here is a teaser transcript:

Ben Grodsky: "Yeah it seems...I mean, from our telephone call 
yesterday it seems that uhm... we all pretty much came to the 
conclusion that probably was ehm... caught in the email 
transmission because the attacker, I guess what you call, the 
Swedish IP, the attacker uhm... knew the login and the IP address 
and port uhm... but they weren't able to get in because we had 
changed the password on our end, you know, following our normal 
security protocols uhm... when we are making secure transactions 
like these on the first login we'll change the password  so, 
obviously, well not obviously but, it seems that, most likely 
scenario is that, at some  point that email was ehm... intercepted. 
You know just because it is,.. probably it was going through the 
public Internet and there wasn't any sort of encryption key used to 
ehm... protect the data in that email."

Ben Grodsky: "...if  you guys are comfortable just communicating 
with us by phone, anything that is really really sensitive we can 
just communicate in this fashion..."

Ben Grodsky: "OK [confused, taking notes]. So, you are gonna 
disable password authentication and enable public key?"

Ben Grodsky: "...that part has... has not been compromised in any 
way. I mean, the communications between our offices in Santa Monica 
and our data centers have not been compromised in any way and all 
those communications to NY, to your offices, are secured. The only 
part that was compromised was...was the email communications about 
these things."

Ben Grodsky:  "...All we can say for sure Media Defender's mail 
server has not been hacked or compromised..."

[in answer to the question "What kind of IDS you guys are running?"]
Ben Grodsky:  "Ehm...I don't know. Let me look into that."


[1] http://torrentfreak.com/mediadefender-emails-leaked-070915/
[2] http://thepiratebay.org/tor/3809004/MediaDefender.Phonecall-MDD

--
Orlando Vacations - Click Here!
http://tagline.hushmail.com/fc/Ioyw6h4eQYIUh5GP6TXBJkrbGXtVy6e3wl8YMoCtnDIhNerwr43Wv2/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ