It looks like somebody hit a bunch of imageshack servers and replaced the images with this: I uploaded that image, somewhat ironically, to imageshack. Considering the number of images hosted at imageshack, I can imagine that browsing many forums is going to be annoying for the next few days. I noticed this ~15 minutes ago. About 10 minutes ago, the Wikipedia article for imageshack was updated. That's pretty fast news reporting. Thoughts?

Lemee get this straight... So their MO is to increase the security of networks, by limiting the availability of info on exploits (more likely limiting such info to the hacker community and subscribers to phrack and alt2600). To accomplish this, they will use threats (i.e. terrorism), thus bringing about a golden age of security, peace, and prosperity for all, where the concept of money is all but forgotten and 'anarchy rules.'

Is this right, or am I missing something?

That's what I think.

I think their logic is a little flawed there.

"People shouldn't be informed of these exploits, because people that would use them will find them easier and thus be able to use them",... As opposed to what? The people wanting to abuse the exploits spending a little more time to find the exploits posted on any number of random web forums?


Right,... If I ever meet someone that is part of this group, I'll wish for a large baseball bat at hand. Their nose needs reworking.

It sounds like this group is advocating "security through obscurity", which, is not a good security policy for anyone.

True, companies like norton and symantec stay in business because there are always new threats out there, and it's in their best business interests to hype the threats, but this little ill-thought stunt isn't hurting them or making a strong case for better security.

Quote: Original post by slayemin
It sounds like this group is advocating "security through obscurity", which, is not a good security policy for anyone.

"security through obscurity" is only a bad policy if it's your only policy. If you are actively working to squash bugs, there is no good reason to advertise just how many bugs you have.

If security knowledge is no longer shared in a security-community, who does that leave in charge??

..the hackers


It's a game for them. Just like making games for us is a game.

Quote: No images were harmed in the making of this... image.

Wow, that is... hilarious.

Yeah, every sig image on the other forum I'm on was turned into that. Some very long threads to scroll through. Our funny picture and gif dump threads took a nice hit too.

Seems to have worked itself out though.

Um, guys.

I think they're being ironic, or something.

As in, "Guess what? We found the vulnerability in ImageShack. As you can see, hiding vulnerabilities doesn't work as a security mechanism. Fix your vulnerabilities, or they WILL be found."

By putting the IS name on the image, they attribute the "anti-sec" stance to IS themselves, positioning the hackers to ridicule that stance. Notice how they talk about the image carrying an advertisement for the group exposing the vulnerability, yet they advertise IS instead of themselves.

Actually, if I had to guess, I'd say they're trying to hint subtly there that sharing the image (via the IS &#106avascripts, rather than a direct link which ought to be safe) somehow propagates the exploit to other IS servers (some kind of XSS worm?).<br><br>(I wasn't even remotely involved in this, but I do understand hacker humour.)