| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <46EFF4E4.7030609@snosoft.com> Date: Tue, 18 Sep 2007 11:55:16 -0400 From: Simon Smith <simon@...soft.com> To: auto176343@...hmail.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Media Defender pwned big time -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This was originally reported to Daily Dave by bbinger123@...oo.com. auto176343@...hmail.com wrote: > After the email leak[1], a phone call was leaked[2], allegedly > between Ben Grodsky of Media Defender and New York State General > Attorney. > > here is a teaser transcript: > > Ben Grodsky: "Yeah it seems...I mean, from our telephone call > yesterday it seems that uhm... we all pretty much came to the > conclusion that probably was ehm... caught in the email > transmission because the attacker, I guess what you call, the > Swedish IP, the attacker uhm... knew the login and the IP address > and port uhm... but they weren't able to get in because we had > changed the password on our end, you know, following our normal > security protocols uhm... when we are making secure transactions > like these on the first login we'll change the password so, > obviously, well not obviously but, it seems that, most likely > scenario is that, at some point that email was ehm... intercepted. > You know just because it is,.. probably it was going through the > public Internet and there wasn't any sort of encryption key used to > ehm... protect the data in that email." > > Ben Grodsky: "...if you guys are comfortable just communicating > with us by phone, anything that is really really sensitive we can > just communicate in this fashion..." > > Ben Grodsky: "OK [confused, taking notes]. So, you are gonna > disable password authentication and enable public key?" > > Ben Grodsky: "...that part has... has not been compromised in any > way. I mean, the communications between our offices in Santa Monica > and our data centers have not been compromised in any way and all > those communications to NY, to your offices, are secured. The only > part that was compromised was...was the email communications about > these things." > > Ben Grodsky: "...All we can say for sure Media Defender's mail > server has not been hacked or compromised..." > > [in answer to the question "What kind of IDS you guys are running?"] > Ben Grodsky: "Ehm...I don't know. Let me look into that." > > > [1] http://torrentfreak.com/mediadefender-emails-leaked-070915/ > [2] http://thepiratebay.org/tor/3809004/MediaDefender.Phonecall-MDD > > -- > Orlando Vacations - Click Here! > http://tagline.hushmail.com/fc/Ioyw6h4eQYIUh5GP6TXBJkrbGXtVy6e3wl8YMoCtnDIhNerwr43Wv2/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ - -- - - simon - ---------------------- http://www.snosoft.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFG7/Tjf3Elv1PhzXgRAtrQAKDMH3IrVmuu+A7vOB2fHDO/gYrfdwCfSDbQ 2b9dYRSE+Q8TqXYcpspgNY4= =ma9i -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists