I worked for one of the largest Canadian security companies for 5 years, and my full-time job was testing firewalls. Basically I had to hack personal desktop firewalls, compare them, and present the results. I know some things about security and I wanted to give you some input here.
As we all saw a few days ago, DNForum was taken down/hacked, call it anything you want. For an online community like ours it is a very bad thing that the forum was hacked, our personal information was compromised. What most people don't realize is that it is actually very good that the site was defaced, and I will explain to you in more detail why it is very, very good that the defacing of the site actually occurred, without going into details of how it was done.
When actual unauthorized activity happens and a bad guy has access to your server there are three scenarios that apply:
a. The hacker keeps a low profile - he will have access to all the information on the server, including private records, and this information will be used against the users. The hacker wants to gain as much information as possible in order to use it to his advantage for as long as possible. The hacker will never try to give any hint that he is actually present on the server; he doesn't want anybody to know that he is present.
b. The hacker accesses the server, and instead of keeping a low profile this person announces to the world that he exists by destroying information.
c. Combination of a and b - the hacker kept a low profile for some time, he has information and all the records downloaded to his storage device, and now he is losing control of the future malicious activity by choosing to announce to the world his existence by defacing the site.
We all witnessed that DNforum.com was defaced 2 days ago. At this point we don't know for sure, and may never know what scenario applies to this particular malicious case. At this point we are very lucky that scenario A doesn't apply to dnforum.com. Scenario A is very dangerous, because the guy could have our records and passwords for a very long time and we would never know about that activity because he would never deface the site.
When hackers deface the site, it is good because it gives a 100% indication to the site management that unauthorized access actually took place. After the defacing, administrators reinstall all the software and check all security settings. At this point everyone is 100% sure that no parts of the server are compromised and the organization can start operations.
My understanding is that we have case b here, which is the best, but I might be wrong and the hacker might have our records. If this is the case we will hear pretty soon about hacked PayPal and registrar accounts. In any case we all have to go and change our passwords. Adam says that none of the DB files were accessed.