Author : Pierluigi Paganini on 12/16/2012 08:48:00 PM
In November I was contacted for the first time by the Egyptian hacker named ViruS_HimA, who told me he had hacked into Adobe servers and leaked private data.
The hacker breached Adobe servers, gaining full access and dumping the entire database, with more than 150,000 emails and hashed passwords of Adobe employees and of customers and partners of the firm such as the US Military, USAF, Google, NASA, DHL and many other companies.
ViruS_HimA specifically criticized the inefficient and slow patch management process that leaves “big companies” exposed for long periods.
“When someone reports a vulnerability to them, it takes 5-7 days for the notification that they’ve received your report!! It even takes 3-4 months to patch the vulnerabilities! Such big companies should really respond very fast and fix the security issues as fast as they can.”
Likewise, we reported two days before that a one-month-old reported critical account-hijacking vulnerability in Outlook and Hotmail is still working and Microsoft is not in any mood to fix it soon.
In a blog post, Adobe confirmed that the forum of its “Adobe Connect conferencing service” was compromised and that the database belongs only to the forum. Adobe also confirmed that it does “not appear that any other Adobe services” were affected.
The attack wasn’t politically motivated; ViruS_HimA wanted to demonstrate how vulnerable even big enterprises are, such as Adobe, one of the most important companies in the IT landscape, which lacks a proper security defense. On that occasion the hacker announced in advance a new striking attack against Yahoo.
“Don’t be like Microsoft, Yahoo security teams!! but be like Google security team,” said Hima. As promised, the day has come: Yahoo data was stolen by ViruS_HimA, who published the announcement on Pastebin and also on AnonPaste.
In the first part of the post the hacker confirms that he is a single individual with ethical intent; he is a passionate penetration tester who has already found tens of 0-day vulnerabilities in big websites such as Adobe/Microsoft/Yahoo/Google/Apple/Facebook and many more.
The hacker doesn’t wish to damage the business of any company; he declared: “I’ve published only little records for Adobe and I will never use/share/sell/publish Adobe/Yahoo data/exploits anywhere.”
The situation appears paradoxical: according to ViruS_HimA, Yahoo never replied to his alerts, demonstrating little attention to security matters: “So I decided to teach both of them a hard lesson to harden their security procedures. It would be a disaster if such companies’ vulnerabilities were privately used in the underground and they never knew about it! Not only are their customers affected, but the vendors themselves also suffer from such exploits. Adobe Acrobat/Flash, the Yahoo data leak of 400k emails, and the Hotmail remote password reset vulnerabilities are examples.”
To be credible, the hacker decided to leak critical emails, such as military ones, to force companies to take action. He highlighted that acting in this way obtained a fast response, in just one day; in the past, when he alerted the victims in similar situations, the enterprises released a patch in 3 or 4 months.
The following are the proofs of the hack provided by the Egyptian hacker:
1.) Leaks contain:
    Full files backup for one of Yahoo domains!! [Lead to full access on the server of that domain]
    Full access to “12” of Yahoo Databases!! [Lead to full access on the server of that domain]
    Reflected-XSS (Cross Site Scripting) vulnerability.
2.) Hints for DB’s names: Pr***tionH**s, k*az*y << fair eh?
3.) XSS (Cross Site Scripting) vulnerability:
The hacker also wants to inform readers that he has never sold a Yahoo exploit before; the person who did so in the past for 700$ is someone else.
“I’m not the one on the news who is selling the Yahoo XSS for 700$, you may have noticed that his name is “TheHell” idk why that krebsonShitz is linking me to that attack! Why don’t I sell the things I got here? While it’s awesome stuff, not just XSS!!! 2- I’m not planning to do any more leaks soon!”
ViruS_HimA is a good guy who lives for security and believes in what he does. I consider these hacks very useful for the victims: a lesson to learn, an opportunity to learn from errors that anyone could commit.
The real error in cases like this is to remain deaf to the alarms. ViruS_HimA closed by saying: “Always be proactive not reactive in safeguarding your critical data.”