Re: [Full-disclosure] Fwd: Rate Stratfor's Incident Response

It was an interesting link - it demonstrated the pwnage.

It looks like these folks gained access via PHP. Stratfor was using a
Linux based system, but PHP was version 1.8
from 2009 (perhaps with some back patches). Current version of PHP is
5.3.8 (

Two lessons: (1) keep your boxes patched, and (2) don't store secrets
in the plain text, or use [unsalted] MD5 to digest secrets.

Fuck me running - that's been known for years.... I think Stratfor
broke all the major tenets of data security. The company deserves
everything they get in this instance.

And I like the RickRoll - it was a nice touch which really
demonstrated a level of caring not often seen.


On Sat, Jan 7, 2012 at 9:51 AM, Ed Carp <erc@xxxxxxxxx> wrote:

---------- Forwarded message ----------
From:  <george.friedman@xxxxxxxxxxxx>
Date: Sat, Jan 7, 2012 at 2:33 AM
Subject: Rate Stratfor's Incident Response
To: erc@xxxxxxxxx

For the video announcement, please see
Read full press release:
Rate Stratfor's incident response:

Hello loyal Stratfor clients,

We are still working to get our website secure and back up and running
again as soon as possible.

To show our appreciation for your continued support, we will be making
available all of our premium content *as a free service* from now on.

We would like to hear from our loyal client base as to our handling of
the recent intrusion by those deranged, sexually deviant criminal
hacker terrorist masterminds. Please fill out the following form and
return it to me

My mobile: 512-658-3152
My home phone: 512-894-0125

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -
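To put lesson (2) of the reply above in concrete terms, here is an added example (not code from the thread or from Stratfor) showing what an unsalted MD5 credential store gives away and what a salted, iterated alternative looks like. The account records, the candidate word list, the `pbkdf2_sha256$iterations$salt$dk` record format and the 600,000-iteration cost are all constructed for the example; only Python's standard library is used.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts stored as unsalted MD5 digests,
# the weak scheme the post warns about. Two users chose the same password.
LEGACY_USERS = {
    "alice": hashlib.md5(b"password").hexdigest(),
    "bob":   hashlib.md5(b"letmein").hexdigest(),
    "carol": hashlib.md5(b"password").hexdigest(),
}


def shared_digests(records):
    """Unsalted digests leak equality: every account that chose the same
    password stores the same value, so recovering one recovers all of them.
    Returns {digest: [users]} for digests shared by more than one account."""
    by_digest = {}
    for user, digest in records.items():
        by_digest.setdefault(digest, []).append(user)
    return {d: sorted(users) for d, users in by_digest.items() if len(users) > 1}


def precompute_table(candidates):
    """digest -> plaintext table built once from a candidate list and then
    reusable against every record in the store. A per-record salt is exactly
    what prevents this one-time precomputation from being amortised."""
    return {hashlib.md5(c.encode()).hexdigest(): c for c in candidates}


ITERATIONS = 600_000  # assumed cost parameter; tune to the login tier's CPU budget


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated PBKDF2-HMAC-SHA256. The random salt makes two records
    of the same password differ, and the iteration count makes each guess cost
    real work instead of one MD5 call."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constructed self-describing record format so parameters travel with the hash.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the parameters embedded in the record and compare in
    constant time. Any malformed record is treated as a failed login."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False
    return hmac.compare_digest(dk.hex(), dk_hex)


def migrate_legacy(records, login_attempts, iterations=ITERATIONS):
    """Opportunistic upgrade: a plaintext password is only available at login,
    so when the supplied password matches the legacy MD5 value, replace that
    value with a salted PBKDF2 record. Returns {user: new_record} for the
    accounts that were upgraded."""
    upgraded = {}
    for user, password in login_attempts.items():
        legacy = records.get(user)
        if legacy is None:
            continue
        candidate = hashlib.md5(password.encode()).hexdigest()
        if hmac.compare_digest(candidate, legacy):
            upgraded[user] = hash_password(password, iterations=iterations)
    return upgraded


if __name__ == "__main__":
    print("accounts sharing a digest:", shared_digests(LEGACY_USERS))
    table = precompute_table(["123456", "password", "letmein"])
    print("legacy records recoverable by table lookup:",
          {u: table.get(d) for u, d in LEGACY_USERS.items()})
    rec = hash_password("password")
    print("salted record:", rec)
    print("verify correct:", verify_password("password", rec),
          "verify wrong:", verify_password("Password", rec))
```

Running it shows alice and carol grouped under one digest and all three legacy records resolved by a three-word table, while the two PBKDF2 records for "password" differ and only the exact password verifies. The iteration count is embedded in the record so it can be raised later without invalidating existing logins.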
