Anti-Sec Crusade Against Full-Disclosure. "Imageshacked"

[klange]

So, I'm sure that by now you've seen this thing:



... instead of some image you were looking for.

What is Full Disclosure?

Full disclosure is when whitehat hackers (the good guys) release information on critical exploits to demand that they be fixed and patched immediately. When exploits aren't publicly released, many software developers ignore them and allow them to stay in code - creating security risks that can be exploited when blackhats (the bad guys) find them.

What's Anti-Sec doing?

They've hacked ImageShack so that instead of serving the images you've uploaded, they are randomly returning the image pictured above to try and "fight" full-disclosure. They are wasting your bandwidth and breaking our forum rules to do this, and also wasting our time.

Why are they wrong?

Full-disclosure is the opposite of security-through-obscurity. It is at the heart of why open-source projects like Linux are so secure: the freely available source-code has precisely the same effect as releasing exploit information for a proprietary application. Even Apache's security updates are driven by publicly posted exploits. By fighting this long-established security practice, ImageShack is not only wasting our time and money, but they are also defending the most ridiculous methodology in existence.

What can you do to stop them?

I have no idea where this campaign came from, I just saw the image, read it, got extremely pissed off, grabbed a more reputable source, sat down and typed this post. There's no way to block the specific image as it is randomly returned from ImageShack, so you'd just have to block all of their images. What I can say is that we have hundreds of other places to upload our images. I've been using my own server for years, and while it's painfully slow, it offers much better service than ImageShack.

The only solution right now is stop using ImageShack to host your images.


UPDATE: ImageShack was hacked by Anti-Sec to put these up. Either way, avoid ImageShack to ensure that your images aren't replaced by this annoying message.

ANTI-SEC IS A BLACKHAT HACKING GROUP - They are looking to shut down sites like Bugtraq to capitalize on zero-day exploits.

[Xetsuei]

Bumpin' this to the top.

Imageshack is being retarded.

[StankBacon]

sup

[Rook]

www.tinypic.com for life

bacon your site was ok for my albums though!!

[Cojafoji]

www.tinypic.com for life

bacon your site was ok for my albums though!!

WORST. FUCKING. SITE. EVER.

[jcap]

I've been ranting to Snaf about this on AIM.

I can't believe the dildo stuck up Imageshack's ass right now. I bet they are running Linux for their servers too, which would not be nearly as secure if it wasn't for full-disclosure, as you stated in your post.

If nothing was ever publicly disclosed, nothing would ever be done about any discovered exploits. It's the fear that something WILL happen when they are made public that drives them to be patched. If all of the Internet Explorer and Windows exploits discovered by the public were not fully disclosed, Microsoft would have fully ignored them (as we ALL know they do) and it would be sitting in an archive, waiting for that one day that someone decides to launch their attack.

One of the best examples of this that everyone in the Halo community should be familiar with is the Haloboom exploit. This was kept quiet and privately submitted to Microsoft. When they refused to take action after months of waiting, the exploit was finally fully disclosed. Once the attacks started, the game was patched within a few days.

I would laugh my damn ass off if Imageshack was hacked using some exploit and their campaign image was replaced. Oh my god, I might just die from asphyxiation from laughing so hard....or is this a hack in response to their anti-sec campaign?

[FRain]

Imageshack used to be Imageshack.

Now it's imageshit.

Photobucket FTW.

[Rook]

Hey guys hey guys

http://mashable.com/2009/07/10/imageshack-hacked/

[Bodzilla]

thats some increidble usage of puns you have there flaming rain.


i think i'll lock my thread in Feedback section and continue the discussion in here.

[sdavis117]

The only solution right now is stop using ImageShack to host your images.

I've been trying that for a couple years and it still isn't working.

I like photobucket much more then I like Imageshack.