How FinFisher was hacked (discussion)

[clownjugglar]

[YCombinator News]

[Reddit Discussion]

Pretty neat little write up, A nice reminder about SQL Injection and general netsec.

edit: Also mentions about buying a VPS with Bitcoin to use to do the dirty deeds from. Anyone ever catch anyone doing this?

edit 2: I don't condone hacking. I didn't write the article. I'm not affilated with VPSBoard, but I am pretty sure they don't condone hacking. This post does NOT reflect the views of any provider here. 

edit 3: removed direct link to article to make the world a safer place /s. find it elsewhere.

 

[Aldryic C'boas]

A better write up for here would've been 'How to prevent'.  This isn't the place for encouraging illicit activity, nor does any provider here wish to be associated with such for being a VPSB member.

 

[clownjugglar]

How is this encouraging illicit activity?

edit: I suppose the article itself would be encouraging it.

I guess I was expecting some mature conversation such as that found @ HN ( https://news.ycombinator.com/item?id=8167089 ) or the reddit discussion.

None of those were 'small security holes'. SQL injection on your website? Unnecessary ports open and known vulnerabilities on a public facing server? This is embarrassing for a company that apparently focuses on security.

 

[Aldryic C'boas]

I'm writing this to demystify hacking, to show how simple
it is, and to hopefully inform and inspire you to go out and hack shit.

As long as you follow common sense like never do anything hacking related
outside of Whonix, never do any of your normal computer usage inside Whonix,
never mention any information about your real life when talking with other
hackers, and never brag about your illegal hacking exploits to friends in real
life, then you can pretty much do whatever you want with no fear of being v&.

This isn't a `how to protect yourself` guide... it's a `how to fuck someone else over` tutorial.  Illicit, immoral, and prohibited by practically every provider that has representation here.  On top of that, you're going to have wannabe skids see this thread, see the provider advertisements to the side, and assume that VPSB is some cesspit like HackForums where the advertised providers permit this type of activity.  I know I sure as hell don't want people to see this crap, think we allow it from our network, and have them try to sign up with us.

Want to be a hacker?  Join a C|EH program or other whitehat organization.  Blackhat activity will bring you nothing but trouble here.

 

[lbft]

IMHO knowing how attackers work is extremely helpful in learning ways to defend against them, and being familiar with the basic uses of some of the tools they use can be a useful sanity check on your own security.

 

[clownjugglar]

IMHO knowing how attackers work is extremely helpful in learning ways to defend against them, and being familiar with the basic uses of some of the tools they use can be a useful sanity check on your own security.

This is what I was going for. I didn't write the article, I don't hack or condone hacking. Should I add that to the OP? Yes the article is blackhat, I see that. I don't think MY post here to VPSBoard condones hacking. The blackhat text, yes, mine no.

I usually lurk, and see alot of variety of posts here and thought i'd share. I'll update OP a bit. edit: updated.