Embassy passwords pulled down
Published: 2007-09-05

Swedish security professional Dan Egerstad digitally disappeared for nearly 24 hours on Wednesday.

The hacker -- who posted 100 usernames and passwords for sensitive e-mail accounts at embassies, political groups and corporations last week -- inexplicably lost cell phone and Internet service on Tuesday night, and his Web site, DerangedSecurity, was pulled down following a complaint to his Web hosting provider about the password list, he said.

"Apparently, someone complained so they shut my site down," Egerstad said on Wednesday in an interview with SecurityFocus. "That is not a problem, because I have many servers of my own."

Last week, Egerstad posted the e-mail addresses and passwords for 100 accounts belonging to staff members at several embassies, political groups and companies. The list also included the numerical Internet addresses of the e-mail servers used by each account. On Wednesday, Egerstad claimed to have more than 1,000 account credentials in total, exposed by a flaw in the configuration of common security software.

"The (users) think the software is making all their Web activity secure, when it is exactly the opposite," he said.

Egerstad plans to go public with the flaw within the next couple of days, saying that some researchers have already figured out the problem. At publishing time, Egerstad's Web site was not online, but he had both cell phone and Internet service back.

"It's been a crazy 24 hours," he said.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
Copyright 2009, SecurityFocus