(http://i1-news.softpedia-static.com/images/news2/Interview-with-Marius-Cor-ci-on-the-CTF365-Capture-the-Flag-Platform-401197-2.png)
Ayer me llego una interesante noticia donde un puñado de hackers vulneraron el sistema principal del ya muy conocido laboratorio virtual de pentesting http://ctf365.com/ donde muchos interesados del tema estábamos registrados.
En fin, el tema va en que han accedido a la db y han publicado los datos de los usuarios registrados:
Emails y nicks: (Si están en esta lista, es recomendable que cambien las contraseñas de sus cuentas y tener cuidado porq probablemente nuestros datos estén siendo usados en alguna campaña de spam)
http://pastebin.com/Bi7mv9Kw
Comunicado oficial del sitio: (según los administradores del sitio, no se sabe si los atacantes llegaron a obtener las contraseñas)
http://blog.lifars.com/2014/11/25/ctf365-hacked-pentesting-company-failed-to-withstand-a-real-world-pentest/
Para dejarlo claro, por ahora no se han publicado contraseñas, según la cuenta oficial de CTF365 en Twitter las contraseñas estaban almacenadas hasheadas y con salt, pero recomiendan cambiarlas igualmente.
Segun comenta en un nuevo mail el admin, fueron PWNEADOS por un ex compañero de trabajo que habia dejado un backdoor, es eso o no se hacen cargo de las brechas que tuvieron o pueden seguir teniendo.
Adjunto el mail.
CitarHi q3rv0,
As you might already know, we had a small incident yesterday (November 25th). One of our former CTF365 team mates throw a list with usernames and their email address in the wild. Immediately we took action and reported to Romanian CERT (Computer Emergency Respond Team). They'll
start to dig in too as well as the Police (cybercrime dept).
We're sorry for this happening.
For your information, we have all passwords hashed, salted and we use Devise for authentication [1]. So except that there was the email addresses and usernames, nothing ugly and deep was compromised. Also as you know, we don't keep sensitive data on our
platform for this specific reason (in case of hacking not to find sensitive data). This is the reason we work with third party gateway payment system. More expensive for us, but a lot safer for you as a user.
Safety is our priority and always will be. This wasn't a security flow/breach or vulnerability, this was a vendetta from a former team mate whom we trusted.
As we speak, we're in process for a fresh install to all our infrastructure machines in order to avoid any possible backdoors left behind.
We recommend you to change your CTF365 account password once we'll be back, up and running.
Once again, sorry for the incident and if there is anything more you want to know, please do ask. I'd gladly answer to your questions.
Best regards,
[1] https://github.com/plataformatec/devise
Marius Corici
CEO for CTF365