JOSHUAONGYS.COM

Lifestyle. Events. Tech. Travel.


So, Gaysec Hackers Group did release records from the Advertlets database at 12AM, and they said they obtained 50,000 records after JUST 10 minutes. Pretty interesting, I must say. First it was Nuffnang one day before, then it’s Advertlets.

Which is next, I wonder…

Anyways, again, here’s a rough timeline of the happenings

23 July 2011
4PM – Gaysec announced that they will release database information from Advertlets at 12AM 24th July 2011
7PM – Josh Lim, founder of Advertlets tweeted : No intrusion is proven yet & no interruptions in service, however we advise Advertlets members to change passwords http://on.fb.me/nBuzYw
He added that he and his team were in the office monitoring.
8PM – According to Josh Lim, his team made some effort to step up security on Advertlets
24 July 2011
12AM – Gaysec Hackers Group released 1,000 records from the Advertlets database, which include email + hashed passwords (records said to be registered since 2007); the group added that Josh Lim contacted them requesting that they release ONLY 1k records. On the other hand, database access information was released as well.
12AM-2AM
- Josh Lim announced on Twitter that only 1,000 e-mails from the Advertlets database were revealed & passwords are safe, with services & earnings not affected.
- He added that if you registered after 17th May 2007, your details are not affected/revealed.
- Melvin Foong a.k.a @starwing tweeted that Josh Lim lied, adding that personal details were exposed.
- Melvin Foong tweeted that @joshlim has called him personally.
- Official Statement on Advertlets Security Breach posted

#Title: advertlets.com hacked and 1 thousand database records released
#Date: 24 July 2011

Assalamualaikum and greetings,

Today, we received a lot of feedback on the social site Twitter about the
news report on the nuffnang website that we released at 12:00 midnight,
23 July 2011. And we noticed that many members on Twitter tweeted about
advertlets, telling people to switch to the advertlets.com advertising
service instead.

But did you know that the advertlets website also has many weaknesses, to
the point that we ourselves could get into the advertlets server and carry
out several “security level tests” on the advertlets server and website, to
the point that we were able to obtain more than 50,000 email addresses,
passwords and several other important personal details such as phone
numbers, addresses and others.

Speaking of “advertlets”, yesterday we read a tweet on Twitter from
advertlets itself stating that “nuffnang” had been hacked by us, and telling
members registered at nuffnang.com.my to change their passwords for safety.

And, as this report is being written, we read one of the “wall posts” from
Advertlets about what happened to nuffnang yesterday, in which Advertlets
said the Advertlets team had got up from sleep at 4:39 in the morning to
check the security of the Advertlets.com website to make sure Advertlets
users’ data and information were safe, but nothing “bad” was found by them.
Why? Because we were asleep at that time, haha.

The “wall post” status from Advertlets:

https://www.facebook.com/advertlets/posts/10150246713351235

In less than 10 minutes of security testing on the advertlets website, we
were able to find a weakness that is very simple and could easily be found
by anyone.

Yes, as we always say, we hold to just one saying, namely “no system in this
world is truly secure (no system is secure)”. The same goes for what happened
to nuffnang and also advertlets. Our motive remains the same and will never
change, namely to uphold and raise the security level of websites or systems
in Malaysia to something better. We want Malaysia one day to be like other
countries that have the “best” level of security for their websites or
systems.

But we still believe in our principle, namely “no system in this world is
truly secure”. We are also worried that one day advertlets might be hacked
or used by someone to spread viruses, as on the social site Facebook and
others; simply by using its high “traffic” and visitor numbers, someone
could manipulate that weakness to spread and do bad things using nothing but
this advertlets website.

As we have reminded, do not boast too much about the security level of your
own website. Because it is impossible for any system in this world created
by humans to be perfect, and many more people in this world are far greater
than us; only Allah is able to make something perfect :).

Oh yes, before we forget, we will release only 1 thousand of the advertlets
database records that we obtained, for security reasons and matters that
cannot be avoided.

Download the advertlets database: http://www.gaysec.net/download/advertlets_1000.rar

The following is some information about the advertlets server:


Gaysec has successfully hacked both Nuffnang & Advertlets – Malaysian blog network databases – in 2 days, and from what I can digest from both lists of data released, Nuffnang clearly has better security measures compared to Advertlets.

I might be wrong as I’m no security expert, but anyway, looking at how both sides dealt with this crisis, I don’t have much more to say.

Official Statement by Nuffnang

Dear Nuffnangers,

Yesterday evening on Friday (22nd July), we discovered an illegal and unauthorised intrusion into our network, which was the latest in a series of hacking incidents by individuals who also claim to have targeted Streamyx, CIMB, TV3 and the several other local websites previously. In our case, the hackers managed to retrieve a portion of our blogger account information and released the emails of some Nuffnang accounts.

The breach has since been fixed, and we’d like to address a few key concerns that you may have.

1. Your password is safe.
As part of the existing security measures, all user passwords in our database have always been protected with one-way encryption. Nevertheless, we still encourage you to change your password (especially if you use the same password for other sites) as a precautionary measure in case the hackers are able to get past the encryption.

2. Blog earnings and payment records are not affected.
Current earnings and payment history for all users are safe and were not compromised in any way.

3. Loading of blogs serving Nuffnang ads is not affected.
At 1.00 am last night, our Tech team took down the website for maintenance and for a few hours, ads were not served. This morning though, everything is up and running again and back to normal. All blogs serving Nuffnang ads loaded as usual and were not affected by the breach.

This security lapse is an isolated incident, as the security of our sites has always been and always will be our utmost priority. It has however opened our eyes on some vulnerabilities we had on our website. In response to that, we will be taking measures to further heighten the security of the Nuffnang framework because from what we understand, that was after all the motivation of the hackers – not to cause any permanent damage, but to highlight vulnerabilities in a system.

To the Nuffnangers who made many attempts to alert us once word got out that the Nuffnang site was hacked, we cannot begin to thank you enough.

To the wonderful Nuffnang community, thank you for standing by us in this time of crisis. Your patience and support is something we are thankful for and will never take for granted. We apologize for any inconvenience caused, and for not being able to prevent this breach. We have put dedicated staff to work on this matter, therefore to address any concerns or questions you may have about this incident, please write in to us at security@nuffnang.com.

Thank you.

Sincerely,
The Nuffnang Team

Official Statement by Advertlets

A group calling themselves Gaysec, who previously hacked the websites of Streamyx, CIMB, & Nuffnang, had an attempted hack on Advertlets at 12 midnight today. They released 1,000 member e-mail addresses; however, if you signed up AFTER 17 May 2007, you are not affected. Ad serving & earnings are not affected as far as we know, and we will continue to update this as we receive more information.

If you know a thing or two about databases, then go here & find out what kinda info might be in other hands at this time.

Gaysec Hackers Group released database access information along with the 1k records from 12AM onwards. It makes no difference whether your email is in the file containing the 1,000 records or not. Database access information (server IP address, database name, username, password) WAS RELEASED along with it, so anyone who knows how to access the Advertlets database would have been able to obtain all the data in it easily with just 1 line of SQL.

ALL the data refers to your username, password, full name, contact number, address, IC, etc.

From what I know, access to the database has been denied since around 3AM. Only God knows how many people did what I described above and now have the whole database in their hands.

For your information, Gaysec Facebook Page has gained 200+ more fans in 24 hours after exposing information from both Nuffnang & Advertlets database.

In the past 48 hours :
There were 47 web reactions and 218 tweets tracked with both the keywords gaysec+nuffnang.
There were 40 web reactions and 85 tweets tracked with both the keywords gaysec+nuffnang.

You are encouraged to change your password. It’s better if you don’t use the same universal password for all the online accounts that belong to you, and if you change it periodically.
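Both statements above call the leaked hashed passwords "safe". The following added example, which is not part of the original post and not code from Nuffnang or Advertlets, shows what that depends on: it assumes a legacy table of unsalted MD5 digests (the page does not say which hash either site used), finds accounts whose stored hashes are identical, and upgrades each record to salted PBKDF2 on the next successful login. All function names, e-mail addresses and passwords in it are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware
PREFIX = "pbkdf2_sha256"


def legacy_hash(password: str) -> str:
    # Assumed legacy scheme (unsalted MD5); the page does not name the real one.
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16)  # fresh random salt for every record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    if stored.startswith(PREFIX + "$"):
        _, iterations, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return hmac.compare_digest(legacy_hash(password), stored)


def needs_rehash(stored: str) -> bool:
    # Legacy digests and records below the current work factor both qualify.
    if not stored.startswith(PREFIX + "$"):
        return True
    return int(stored.split("$")[1]) < ITERATIONS


def login(users: dict, email: str, password: str) -> bool:
    stored = users.get(email)
    if stored is None or not verify(password, stored):
        return False
    if needs_rehash(stored):
        # Upgrade now: this is the only moment the server holds the plaintext.
        users[email] = strong_hash(password)
    return True


def shared_hash_groups(users: dict) -> list:
    """Audit: groups of accounts whose stored values are byte-identical."""
    by_hash = {}
    for email, stored in users.items():
        by_hash.setdefault(stored, []).append(email)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


def sample_users() -> dict:
    # Constructed records, not taken from any real dump.
    return {
        "alice@example.com": legacy_hash("sunshine2007"),
        "bob@example.com": legacy_hash("sunshine2007"),
        "carol@example.com": legacy_hash("c0rrect-horse"),
    }


if __name__ == "__main__":
    users = sample_users()
    print("identical hashes before:", shared_hash_groups(users))
    for email in ("alice@example.com", "bob@example.com"):
        login(users, email, "sunshine2007")
    print("identical hashes after:", shared_hash_groups(users))
```

Records that are never logged into again keep their legacy digest, which is why a forced password reset is still needed after a dump like this one.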
