WHID 2007-60: The blog of a Cambridge University security team hacked
This story probably represents hundreds of similar stories. Many of us have come to rely on open source software, which is useful, feature reach and free. It enables us access to tools available to a few only a couple of years ago. The downside is that this easy availability means that many use the tools without having the time, resources and expertise to protect them. Systems such as phpBB and WordPress are good
examples of very popular open source systems that require constant
attention in order to maintain secure.
I am sure that the guys at Light Blue Touchpaper have the expertise to protect their WordPress installation, but they don’t have the time. They made the compromise between ease of management of their web site and its security. Actually my personal blog might be just as vulnerable, since as I write this I am very much not paying attention to its security.
Apart from, or actually because of the fact that the victims are security experts, this story is noteworthy due to two additional twists in the plot:
- Zero day exploit in the wild - the attacker penetrated twice, once using a known SQL injection vulnerability, but the second time using a yet unknown vulnerability in WordPress, which was reverse engineered and published for the first time by the people at Light Blue Touchpaper.
- The researchers found that they can use Google to retrieve the hashed password of the hacker. Google has become so big that it actually allows efficient encrypted passwords lookup.
- Upgrade and new theme [Light Blue Touchpaper Blog, Oct 27 2007]
- Google as a password cracker [Light Blue Touchpaper Blog, Nov 16 2007]
- Forgotten your password? Google can find it for you. Unfortunately [Technology Guardian, Nov 23 2007]
- Wordpress cookie authentication vulnerability [Light Blue Touchpaper Blog, Nov 20 2007]