Owned an Exposed

[Krytical]

so, since it happened, do we need to worry about existing backtrack installations? are the ISO's safe? ettercap was mentioned... isn't that included with backtrack? or is all that sure to be safe?

[thaijames]

so, since it happened, do we need to worry about existing backtrack installations? are the ISO's safe? ettercap was mentioned... isn't that included with backtrack? or is all that sure to be safe?

I think it is legitimate to ask these questions.

The real question is how will we ever know the answer?

And should pentesters be worried that they may be injecting backdoors on their customers when doing a pentest?

[purehate]

Dont believe every thing you read on the internet. Ettercap may be backdoored by no one has been using that source code from the sourceforge ettercap project for years. Anyway, if you were really worried about it you would open up the code and do a review. Owned and Exposed just wanted to instill a little fear via propaganda and it looks like it worked.

[cseven]

I'm assuming this conversation is related to http://www.exploit-db.com/papers/15823/ but I do not read anything about an ettercap backdoor, other then the fact that sourceforge can be compromised and ettercap is hosted there.

You would think that the authors of Ettercap, one of the most popular
whitehat pentesting tools, would know the basics of security.
Apparently they don't, or they just don't give a shit about what
happens to their users.

So, why is their website so insecure? Ettercap's message board is
hosted at Sourceforge, so they share a server with thousands of other
customers. Every single customer is able to execute commands and
access the other project directories. Pretty stupid, eh? You only need
to find one hole in one hosted site and you can access ALL the project
databases. Of course that isn't ALoR's fault, it's Sourceforge's
fault. Regardless, people who care about security and data integrity
wouldn't use such a shitty provider, would they? To be fair, the
Ettercap project is dead. Most of the admins have been inactive for a
few years now, but that is no excuse for such a security mess.
Especially since the server was compromised some five years ago.

Just look at the process list, horrible. Even the worst perl bots
(scax) get access. If such a poorly written bot can own this box,
everyone can.

Some good advice to all other people/projects who are using
Sourceforge: Move. There are enough good alternatives. Yes, I am
talking to you Vim, get the **** out of there. And to all Ettercap
users: arp poisoning is *not* hacking. If you want to achieve
something real, learn the fundamentals and not how to use a GUI. Don't
sniff the passwords of your friends and call yourself a pentester
(looking at you firesheep).

[godcronos]

I can't believe you guys got owned!

[kataibrengsek]

there is nothing impossible, as long as made by human.
no systems or anythings in this world are impossible as long as we want to learn.

[godcronos]

Owned and Exposed just wanted to instill a little fear via propaganda and it looks like it worked.

- based on what I read, it was with good intentions.

[Krytical]

I read the whole "zine" and they don't seem like bad people, of course it could be all lies and misinformation to get just such a reaction, but it's all speculation at that point... But I got my answer, nobody has been using the sourceforge code, so it should be fine... Thanks

[Archangel-Amael]

I can't believe you guys got owned!

This little attack could hardly be considered "owned" considering they did not get root on any servers.

As for ettercap I posted recently in the forums several links disproving the claim that ettercap was/is back doored.