BrowserStack: hacker got in on old test machine via Shellshock bug




BrowserStack has published an explanation of how a hacker obtained users' email addresses. According to the browser testing service, the attacker got in through the Shellshock bug on an outdated server on Amazon Web Services.

In its apology email, BrowserStack describes the hacker's probable method. The attacker is said to have used the Shellshock vulnerability in Bash to gain access to an old, phased-out server within the virtualized environment that BrowserStack runs on Amazon Web Services. That put the API keys for AWS in the hacker's hands. Using this information he was able to set up his own virtual server and impersonate a legitimate BrowserStack administrator.

According to BrowserStack, the attacker then began copying personal and log data from a database. This set off monitoring alarms, and the hacker was blocked. According to the browser testing service, he was able in a short time to copy the information of an estimated five thousand accounts, and then sent these users an email which stated, among other things and wrongly, that BrowserStack would close its doors.

BrowserStack apologizes for the incident but maintains that the damage was relatively limited. Not only was less than 1 percent of the active account data copied, the company also emphasizes that no credit card details were captured. In addition, passwords are not only hashed but also salted, based on the strong bcrypt algorithm, and all of BrowserStack's production systems are said to have received a Shellshock patch in time. Furthermore, the company says it has additional security measures, including encryption of backups and a security audit of the AWS infrastructure carried out by a third party.
