Alleged Attacker Flaunts Details of phpBB Hack
Robert Lemos writes on SecurityFocus:
A vulnerability in the PHPlist newsletter manager, which was publicly disclosed in mid-January but not fixed until two weeks later, allowed an attacker to access critical files on phpBB.com, the person claimed over the weekend.
In a post on Blogger on Saturday, a person who claims to have breached the Web site of open-source online community software phpBB gave a detailed account of how he did it. Using a vulnerability in PHPlist publicly disclosed on January 14, the attacker gained access to the password and configuration files for the server, according to the post. The attack occurred before the PHPlist developers issued a patch for the problem on January 29.
"So I login and see what I can come across, wow 400,000 registered emails, I’m sure that will go quick on the black market, sorry people but expect a lot of spam," the self-proclaimed attacker wrote.
The incident matches the description of the attack posted by administrators of phpBB.com on Monday.