ImageShack Hacking Brings Full Disclosure Debate into Focus
Article by George Norman
On 14 Jul 2009
ImageShack, one of the best-known image hosting websites out there, was hacked over the course of the weekend. The people responsible for the attack, who call themselves “Anti-sec Movement,” managed to compromise the ImageShack web page; as a result, all visitors to the site were redirected to an image that explains why the group did it.

It seems that the Anti-sec Movement is not a big fan of the full disclosure practice that goes on in the IT security world. Basically this means that when a security vulnerability is uncovered, its existence and all other details about it are made public (hence the full disclosure term). The Anti-sec Movement does not believe this practice to be beneficial and is an avid supporter of nondisclosure – so avid that it has threatened to hack other sites that publish full details about security exploits.

“We learned that the group had gained control of how images were being displayed. Before 9 p.m. PST, normal functionality had been restored to user images. No user data or content was damaged or lost,” explained ImageShack.

Here is the full text contained in the image ImageShack visitors were re-directed to:

Anti-sec. We are a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we are all about.

Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services.

Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable.

As an added bonus, if publication wasn’t enough, these exploits are mirrored and distributed widely across the internet with a nice little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public.

It’s about money. While the world is difficult to change, and money will certainly continue to be very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences.

It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.

How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits…”you are a target and you will be rm’d. Only a matter of time.”

This isn’t like before. This time everyone and everything is getting owned.

Signed: The Anti-sec Movement


While I do agree that full-disclosure can be detrimental security-wise, there are times when sharing details about a security hole with the rest of the world needs to be done, like when you have reported the vulnerability to the developer and the developer takes forever to patch it. I’m talking about the Java vulnerability in Mac OS X that Landon Fuller uncovered, a vulnerability that Apple knew about for 6 months but rushed to patch only after Fuller publicly disclosed it.



Tags: ImageShack, Hack, Full disclosure
About the author: George Norman
George is a news editor.