digg

Facebook Connect Join Digg About

ImageShack Hacked by Anti-sec Movement

mashable.com one of the web’s largest image hosts, was attacked tonight by a movement called “Anti-Sec”. The result of the attack has been to replace all ImageShack hosted images with a manifesto for the movement.

Who dugg this? Made popular Jul 11, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

180 Comments

show profanity settings
expand all
  • Iamien, on 07/11/2009, -0/+290I feel sorry for the avatars and the signatures of the internet.
  • Jaime2000, on 07/11/2009, -5/+283Wow, these guys are *****. Both for messing with the pictures of innocent people AND for their belief in security through obscurity.
  • Lordjake, on 07/11/2009, -1/+211I wonder if that means they won't be telling anyone how they hacked imageshack.
  • thealliedhacker, on 07/11/2009, -4/+206It's a bunch of script kiddies pissed off at the other script kiddies, and are actually stupid enough to believe in "security through obscurity."

    Long version: whenever exploitable bugs are found in software, it's usually posted everywhere, in an effort to help find a fix, as well as force the developer to patch. Sometimes it comes with a "proof of concept" script that exploits said flaw, and some kids sometimes take that script and make it do something nasty, hence "script kiddies." This group is against these websites that host the details of these exploits, though most no longer come with proofs of concept.
  • Shuk, on 07/11/2009, -0/+170That's a great way to gain sympathy for your cause... to piss off everyone who sees your image. /s
  • leahpee, on 07/11/2009, -4/+143Okay, that's all fine and dandy that they have a movement but...

    Huh?
  • myAmygdala, on 07/11/2009, -2/+124"your"
  • Spire3660, on 07/11/2009, -4/+113Not only that, their belief that they can bring change by this. You can tell the 'manifesto' is poorly thought out.

    "WAAAAAAA script kiddies can crack too, im gonna stop it" WAAAAAAAAAA
  • cygnus2112, on 07/11/2009, -3/+105I love when a spelling nazi misspells while being a righteous *****.

  • johnkemp, on 07/11/2009, -4/+88Moronic group and harmful philosophy. Security through obscurity doesn't work and tends to make things worse. I thought we knew this by now.
  • Plan8Podcast, on 07/11/2009, -3/+67These ***** sound like the kinda rhetoric that just allows people who are the rich developers to make more bad code for crappy products and never fix crap. They are doing this to get their name and and show oh we can hack your ***** but we can keep quite about it so hire us to do your dirty work. Again Ass Hats award of the week goes to Anti-*****. To sum up their point "Keep your head in the sand and let bad insecure code propagate with out outsider questioning."

    Even though the exploits are usually told to the software's company months usually in advance before they are publicly publish. The point of the threat of publishing is the FIX THAT ***** before some other less ethical *COUGH* RUSSIAN *COUGH* hackers finds out the same exploit and makes a playground of the worlds networks from it for fun and profit .

    Anti-sec = lazy script kiddy coders who don't want to do more work so they are trying to scare people to allow themselves to stay lazy. BLOODY WANKERS!
  • palehorse864, on 07/11/2009, -1/+64I don't think they believe in security through obscurity. I think they believe that obscurity will leavetthe scripts and exploits they're using open and make their lives easier.
  • Jack8274, on 07/11/2009, -8/+69What a bunch of DOUCHBAGS!
  • NickYF19, on 07/11/2009, -2/+63Woops! Glad I'm not using Imageshack.
  • theparaiba, on 07/11/2009, -1/+51yeah, because I'm entitled to a free image host!
  • schroeder, on 07/11/2009, -1/+48If the exploits aren't out there and exposed, then only those who discover them will even know about them. Many security professionals who discover these issues inform the developers to have them fixed. If these don't get fixed in a reasonable time frame they release that information to the public to force their hand. If this did not happen, there would be many more security holes in software because many companies don't want to spend time and money on developers re-writing and fixing code. I question the motives of this organization. It stands to reason that those discovering and using such exploits for malicious and monetary gain would have the same opinion of the Anti-sec movement. I would rather everyone know about and how to execute an exploit in a particular software so everyone would know how it works, what it does, how to prevent it, and/or not use the affected software.
  • StubbyClapp, on 07/11/2009, -5/+52pwnt
  • Spire3660, on 07/11/2009, -3/+47Teenager wrote that, no doubt.
    So they are going to crack a bunch of stuff to stop crackers??
  • HopeForTomorrow, on 07/11/2009, -2/+45Oh noes! imageshack will be ***** up long enough for their on-call tech teams to load a back up of the entire site.

    That whole five minutes, oh noes!
  • Iamboss, on 07/11/2009, -0/+43http://romeo.copyandpaste.info/txt/imageshack-pwne ...
  • leahpee, on 07/11/2009, -1/+43Right. The new breed of nerd-emo.

    I call it....

    Nemo.

    Thanks for the clarification alliedhacker.
  • blackmesa, on 07/11/2009, -2/+40I read their manifesto, and all I got out of it was: "Security through obscurity is perfectly credible DUR DUR DUR WE ARE MORONS".
  • TechnoRabbit, on 07/11/2009, -0/+36Again, stupid *****, security through publicity is the best way to do it. Let everyone know there is a problem and how to fix it. This way everyone can avoid the problem and thus make the problem not such an issue.

    What you are saying is, "Telling everyone about HIV is worse than not telling everyone about HIV!" Obscurity is not effective.
  • klieber, on 07/11/2009, -2/+37Or...what? You'll demand a refund of all the money you paid them?
  • inactive, on 07/11/2009, -2/+36they most likely did back most of the images up. even facebook, as large as it is, has a backup copy of itself for emergencies.
    if they didn't, then they deserve to be hacked like this.
  • alexp2ad, on 07/11/2009, -0/+33'rm' is the remove/delete command on Unix based systems, so to be rm'd is to be removed.
  • shadeOfGrey, on 07/11/2009, -0/+33It's in the constitution.
  • cygnus2112, on 07/11/2009, -10/+43Congratulations, sonofabiscuit, you're not only a righteous ***** but you've declared yourself as a religion-bashing douchebag, too. One that fails at analogies.
  • jwhitman89, on 07/11/2009, -2/+34Apparently, they didn't have their images up for long:

    http://profile.imageshack.us/user/solyc/images/det ...
  • eyean540, on 07/11/2009, -19/+51a bunch of my images were effected.... they ***** better put them back after this *****
  • TDDebug, on 07/11/2009, -0/+31They said in their defacement or whatever, "No images were harmed in the making of this... image" which hints to them not actually deleting anything but we'll see what Imageshack says.
  • Culyt, on 07/11/2009, -1/+31What a pointless goal, do they really think companies would ever bother to patch security vulnerabilities if they weren't publicly known about? Many don't even bother when they are.

    If vulnerabilities aren't publicly known, then companies won't patch them. Then the people who aren't script kiddies can do things like create the next MS blaster worm.

    Also insecure products would be used in sensitive areas since people would have no idea about which is the more secure product.

    This movement blames people selling firewalls and other such bullocks, firewalls don't stop exploits if the server is accessible, this really sounds more like various groups in the software industry are funding them in order to:
    A) Sell more crap like they claim since their own existence seems to prove the need for security and greater detection of vulns.
    B) Get fewer vulns public so the software industry doesn't have to spend time/money with patch and can leave software insecure.
    C) Keep exploits secret for their own use as some kind of 'superior hackers'.
    D) Parody the security industry in order to actually increase vulnerability tracking by proving what asshats the people who are against it are.
    E) Be attention whores since their goals will never be reached as they are little more than throwing temper tantrums. Sure they are going to take down the entire industry, I believe them, with their light coloured text on a black background they are clearly super-uber hackers.

    Overall it seems very odd that people with security knowledge would ever be against public vulnerability publishing without some alternative reason.
  • Giga, on 07/11/2009, -2/+31"b) rm is to *nix as the del command is to DOS."

    I'm sure that helps out the non-technical users as much as you expected it to.
  • helixsqrd, on 07/11/2009, -1/+29as for a. i had to re-read it, but it seems like they want people to not disclose the exploits so that security companies cant con you into buying there software. or something like that. im having a hard time forming a opinion about this.
  • Hraes, on 07/11/2009, -0/+24Hate to ruin your day, but photobucket is notoriously hackable. Wouldn't be surprised if they're next to get hit.
  • Jaime2000, on 07/11/2009, -3/+25Sometimes, that's the only way to motivate people to fix problems.
  • vinci, on 07/11/2009, -0/+22Being against full disclosure means that your security relies on people not knowing the holes. And that's called security through obscurity.

    Is there any "*****" I'm not understanding?
  • JeSTeRSeVeN, on 07/11/2009, -0/+21It looks like they are already being restored.
  • palehorse864, on 07/11/2009, -1/+22I think they don't like exploits etc. being published because people then patch them out and they lose an easy way to get into systems and have to find a new exploit. They would probably like to use the same ones they know forever.
  • xyphur, on 07/11/2009, -1/+22a) No. From what I gather, they want people/companies who make exploits available shut down. It's akin to a crooked mechanic who fixes an issue on your car, but creates another so you'll have to come back and spend more money later. Well, somewhat similar anyway. That's overgeneralizing, but you get the idea I'm sure...

    b) rm is to *nix as the del command is to DOS.
  • megaton, on 07/11/2009, -3/+23I applaud your talent for identifying the implied punchline.

    (Go ahead, repeat what mine is, too!)
  • inactive, on 07/11/2009, -1/+20wow. im quite interested to find out how all of this turns out.
    but for now, im happy i have all my images on photobucket. :)
  • JeSTeRSeVeN, on 07/11/2009, -1/+19If that's true, those images are toast. Could imageshack possibly have backed up all of those images?
  • LilRabbitFooFoo, on 07/11/2009, -2/+20What morons...
  • funk49, on 07/11/2009, -13/+31Uh, they're against full disclosure for exploits, so I kinda figure that's a "yes".
  • stevenbrown, on 07/11/2009, -0/+17Not to mention the blinking princess gifs on myspace
  • MidnightRIder77, on 07/11/2009, -2/+19So... where does this leave imageshack? do they have a backup server or is everyone that had images there *****?
  • Seasonal76, on 07/11/2009, -1/+17I imagine whatever script they used replaced all links to pics with their Anti-Sec manifesto pic so the original images wouldn't actually be deleted off of the servers.
  • MrSparkle666, on 07/11/2009, -10/+25Regardless of Anti-sec or their cause, I must say that is pretty damn impressive!
  • Lunarbunny, on 07/11/2009, -2/+17By their logic, PGP is insecure because it's an open standard.
  • Fetching more discussions...
    Show 51 - 100 of 187 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.