*lol*

1337 d00dz ;-)

I'm glad that my government doesn't hold any sensitive information about me. Oh, wait... uh...
posted by Chunder at 8:56 AM on February 8, 2005

But I thought all government web sites were Own3d by the P3Opl3!
posted by OhPuhLeez at 8:56 AM on February 8, 2005

...Actually, upon further investigation, it would appear that - apart from the "Professional Computer Association of Lebanon", *only* Government sites have been h4xx0r3d. Weird.
posted by Chunder at 9:00 AM on February 8, 2005

Could someone enlighten, um, me?
posted by Captaintripps at 9:05 AM on February 8, 2005

yeah, kind of lame to just link to a google search. I'm with you tripps...give us some more info.
posted by j.p. Hung at 9:09 AM on February 8, 2005

It's an FTP buffer overflow exploit.
posted by mr_crash_davis at 9:16 AM on February 8, 2005

Not much else to say. There's a hack that adds "0wn3d by NoPh0BiA" to websites. That's all I know.
posted by basilwhite at 9:18 AM on February 8, 2005

No, the exploit isn't limited only to government sites; the link in the main post is to a Google search that filters on .gov, so that's all it returns. Go into "Advanced Search," remove the filter, and you'll see more results.
posted by Creosote at 9:34 AM on February 8, 2005

That's great. Thanks for posting it.
posted by xmutex at 9:38 AM on February 8, 2005

Or just delete the site:gov from the search string.

Kind of funny.
posted by fenriq at 9:38 AM on February 8, 2005

Not sure what if any conlusions to draw, but 214 out of 1,070 of the sites identified by the google search were .gov.
posted by forforf at 9:39 AM on February 8, 2005

site:.gov, oops. 1070, impressive.
posted by fenriq at 9:39 AM on February 8, 2005

pointless, but the Issa photos definitely make it worthwhile.
posted by mrgrimm at 9:49 AM on February 8, 2005

Try just searching on "NoPh0BiA" - you can find the source code and the author's home page - http://noph0bia.lostspirits.org/

Looks like it gives you a privileged "shell" (command line session, possibly cmd.exe?) on the vulnerable host of your choice, given an IP address and nominal username and password.
posted by kcds at 9:50 AM on February 8, 2005

One hundred and elevens all around.
posted by haqspan at 10:03 AM on February 8, 2005

Wow. 6 websites. That's so many. Sad.
posted by Sir Mildred Pierce at 12:02 PM on February 8, 2005

I still don't understand what exactly it means/does. The sites look normal, just the google results show "owned..."
posted by fixedgear at 4:30 PM on February 8, 2005

I still don't understand what exactly it means/does. The sites look normal, just the google results show "owned..."

It looks like many of the sites have been "corrected", but others still have the "owned" text in them, so I assume all these pages were hacked.
posted by bobo123 at 6:21 PM on February 8, 2005

heh
this site Graphs the number of search-results for "0wn3d by NoPh0BiA"


theres also one for the Santy worm / NeverEverNosanity one. This site rated a mention in the f-secure blogs, pretty neet
posted by leighm at 4:40 PM on February 9, 2005