Elliott C. Back: Internet & Technology

Hacked by r00tx0

Posted in Hacking, My Blog by Elliott Back on December 9th, 2009.

Today someone “hacked” my blog, and a lot of others on MediaTemple’s shared grid hosting, replacing index.php files randomly with:

haCkeD By r00t-x ~ r00tx0@gmail.com ~

Some script kiddie ran a sploit; apparently things are being fixed now:

We have completed the work necessary to secure our GRID infrastructure from this exploit.

We have also repaired the majority of affected sites using our automated tools. We will continue to run these tools throughout the night. Please let us know if you see anything out of place and we will dig deeper.

MacWorld MacRumors Live Feed Hacked

Posted in Apple, Hacking, Law, Spam by Elliott Back on January 7th, 2009.

I was watching the MacWorld 2009 Apple Keynote live when a message appeared in the feed–“STEVE JOBS JUST DIED”–surprising everyone. In a few minutes, the MacRumors feed was full of coordinated hacked spam:


Highlighted is the beginning of the spam

MacRumors apologized for the incident: “Our MacRumorsLive keynote coverage was hacked today, inserting inappropriate content into the text and photo feeds. We apologize for the inconvenience and are working to restore our services.” However, it was simply negligence on their part for having a control panel which was publicly accessible rather than some kind of nefarious hack. One of the nicer 4chan readers took this screenshot of it before it was taken offline:

See also When Livestreams Go Wrong and 4chan’s /g board where the chaos originated. Hopefully this will teach bloggers and web startups to pay more attention to the security of their websites, as hacking websites is growing more and more popular with savvy internet pranksters.

World of Warcraft Phishing Spam Email

Posted in Games, Hacking, Warcraft, WoW by Elliott Back on November 22nd, 2008.

Just got this lovely email, pretending to be from Blizzard:

Subject: Warning : World of Warcraft Account Notice
From: donotreply@blizzard.com
To: arfenhousetoo@gmail.com

An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard’s EULA under section 4 Paragraph B which can be found here:

WoW -> Legal -> End User License Agreement

and Section 8 of the Terms of Use found here:

WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage:

http://www.worldofwarcraft.com/account

Only Account Administration will be able to assist with account retrieval issues.

Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,
Account Administration
Blizzard Entertainment

See, the thing is that the first two links go to real Blizzard pages, but the last one secretly goes to www.blizzard.com.login.xml.mcnewvision.com, which is clearly a moronic phishing attempt. This leaves me with two questions:

  1. Did they target me as a WoW user specifically by harvesting my WoW-associated email address somehow? A Blizzard partial hack?
  2. What would they do with my account if they got it? Sell my lousy lvl 45 char on eBay? LOL….