Hoax the Plone CMS hack of the FBI?

The developer of Plone CMS, often referred to as its most secure content management system (CMS). , reports that recent posts about a hack into FBI systems are most likely fake.

The CyberZeist hacker, acting on behalf of Anonymous, revealed that in late December he managed to break the CMS software used by the FBI, managing to intercept more than 150 accounts, with hashed passwords.

CyberZeist reported using a exploit in a security hole in the Plone CMS, which is being used by the FBI, and that zero-day is still being sold on the black market.

In a lengthy post today, Plone says that hacking the FBI's system is highly unlikely, noting that the company is not aware of any zero-day flaws in her.

"Security patch announcements are typically issued with two weeks' notice. If the Plone security team receives reports of a zero day exploit that is already in circulation, they will release a immediately," reports Plone.

Describing the hack's claim as a hoax, Plone tries to crack down the hack, pointing out that some of the details provided by CyberZeist are not accurate, as is the case of its server that the hacker reported to be FreeBSD 6.2 -RELEASE.

"It is extremely unlikely that FBI is running such an old version of FreeBSD. Furthermore, FreeBSD 6.2 provides Python 2.4, while Plone runs Python 2.5 and does not run on old versions of Python," Plone said.

So, what was the purpose of the hacker in reporting that he breached the the FBI?
Σύμφωνα με τη Plone, η οποία περιγράφει το λογισμικό της σαν "ένα εξαιρετικά ασφαλές σύστημα διαχείρισης περιεχομένου," ο hacker είναι πολύ πιθανό να προσπαθεί να πουλήσει ένα ψεύτικο exploit και χρειάζεται την διαφήμιση των μέσων ενημέρωσης για να αυξήσει την τιμή.

But for now, it's very difficult to say what happened to the FBI CMS, but CyberZeist has promised to give more information about the violation when the zero-day sale stops.

Either way, we'll find out who's lying somehow...

PS: I have to install this CMS, the company's claims to be the safest one on the market, I was curious.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

anonymousCMSexploitfreebsdhackhackerhoaxI'm sureplonepythonzero-daysecurityversioninformationaccountteaminfringementinformationsystem

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).