Has ImageShack been HACKED?


Draken
07-10-2009, 11:09 PM
So I was looking over the forums when what was once a picture of a work in progress (WIP) was replaced by THIS:

http://www.patrick-schaffer.com/DrakenViator/TG/RandomStuff/ImagesHack_B.png

On further looking two or three WIPs had been replaced by this same 'image' or rather manifesto. Each copy is a fully different link and it almost looks like whoever took charge just replaced every image on ImageShack with this rant. I tried a few news sites but nothing is listed at this time. Does anyone have any clue as to what is going on?

~ Draken

Beartastic
07-11-2009, 12:35 AM
You should have hosted this image with ImageShack. What's the worst that could happen? :p

sinz
07-11-2009, 01:27 AM
Aye now we are getting somewhere!

Draken
07-11-2009, 01:31 PM
Found some info on the ImageShack Forums... (http://forum.imageshack.us/forum/showthread.php?t=1180) All times are GMT


Today, 02:19 AM gwenhaven
Junior Member Join Date: Jul 2009 Posts: 1

It's definitely been hacked now, by Antisec. Bastards messed with my image files and slipped their own image in so it filled my forum where I was posting images with their crap.
Not using this hosting site any more. sad.



#4 Today, 02:21 AM geisha_punk
Junior Member Join Date: Jul 2009
Location: the windy city Posts: 5

Yeah I go on message boards where most images are uploaded from here cause it's reliable but now since it's been hacked, allllllllll those images are replaced with that stupid message. It's horrible, the forums I frequent have that nasty image.



#5 Today, 02:31 AM iBorg
Junior Member Join Date: Jul 2009 Posts: 4

So...basically we're out of luck?



#6 Today, 02:39 AM dewdude420
Junior Member Join Date: Jul 2009 Posts: 1

Yes/no.

None of your images were deleted. The first thing I did was log in to look. I seemed to notice a few things...for starters, I had a lot of blank images I didn't have before...and there were several copies of the anti-sec message.

I can't determine exactly WHAT they've done. Some of the image thumbnails looked like they weren't completely uploaded..but when you click for the info the image doesn't show up properly..but fills the background of the entire box. I suspect they may have looked at what images were being accessed externally the most and targeted those images.

The images are just there...the filenames have just been changed.


~ Draken

Draken
07-11-2009, 01:32 PM
Sami Hartsfield - Houston Legal Issues Examiner (http://www.examiner.com/x-12971-Houston-Legal-Issues-Examiner~y2009m7d11-What-is-AntiSec-What-happend-to-ImageShack-overnight-Is-it-coming-to-town)

Here’s the deal: Anti-Sec guys are apparently wholly against the idea of “full disclosure.” What’s that, you ask? According to the rogue group, it’s the security industry practice of making publicly available all security vulnerabilities in order to, as in the example above, enrich itself by selling yet more security software, firewalls, ad nauseam. But, so the gripe by Anti-Sec goes, by making public this security vulnerability information, “genuine” hackers can use it to further their malicious ways, thereby causing us all grief and to, well, buy more security and anti-virus software. It’d be like the United States government publishing top secret security vulnerabilities at nuclear power plants, thereby practically forcing us to buy their nuclear-proof spacesuits. That’s a far-fetched analogy, but you get the gist.

So the Anti-Sec Movement proposes – indeed, they promise -- to hack any and all such alleged perpetrators with its perceived impunity, ostensibly in order to stop the perps from “full disclosure.”

Following is a part of the Anti-Sec message (link withheld):


Check list / Goals:
Take down every public forum, group, or website that helps in promoting exploits and tools or have show-off sections.
Publish exploits rigged with /bin/rm to whitehats, let them rm their own boxes for you.
Spread the anti-security movement.

-----[ Rules of Engagement:
Don't get too cocky.
Don't underestimate anyone.

Also:
F**k full-disclosure
~ F**k the security industry
~ Keep 0days private
~ Hack everyone you can and then hack some more

Blend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.


So basically if I read this right they are upset because people are exposing holes in security forcing the security companies to close those holes and making it harder for them to hack people's stuff. Or rather that by publishing these gaps and making them known more people have access to the hacks. Now they say it is just so that they can 'protect us from the masses' once the threats are published but before a patch is made, and to 'protect us' from the security industry who are trying to 'scare us into submission,' but seriously WTF?

'Let's pretend that there is no threat that way we can all live happy lives!' Look, in situations where the odds of the event are rare (let's say WWIII) yes you're correct there really is no point in worrying about it 24/7 preparing for something that may never come. But with computer security, what, something like every couple of seconds, a computer someplace in the world is either hacked or infected by some kind of bug. The fact is computer security is a REAL threat and needs to be addressed.

I'll have to review some of my old tech magazines that I have lying around, but if memory serves the reason we have 'full-disclosure' is because the way it used to be was if a bug or exploit was reported in private it was often brushed under the rug. The thought was if no-one knows about the exploit then we don't have to spend money to fix it. In short companies didn't care about security unless it became a widely known issue, hence full-disclosure, a way to force companies into fixing their code.

Now I know that this can create other issues as well, such as: Most companies will work to fix any 'major' threats at all times despite if it is publicly known or not. There have been times where a firm was aware of the threat and working on the solution only to have the problem compounded by the exploit being leaked out. In this regard I see some logic in Anti-sec's claim, if only a VERY little. What they don't say is if they support disclosing hack/exploits privately to companies or if they want to hoard them all for themselves thus, my first argument they want to keep the 'back doors' open but only for themselves.

~ Draken

Draken
07-11-2009, 01:36 PM
Over at a different forum I frequent someone posted a link to a PC World article on the group. First paragraph says it all...


The program, called OpenSSH (Secure Shell), is installed on tens of millions of servers made by vendors such as Red Hat, Hewlett-Packard, Apple and IBM. It is used by administrators to make encrypted connections with other computers and do tasks such as remotely updating files.

http://www.pcworld.com/businesscenter/article/168130/dangerous_security_flaw_likely_just_a_hoax.html



~ Draken