Author Topic: Istock down (Read 8751 times)

CvanDijk · « **on:** March 03, 2009, 21:20 »

I read on Nicolesy's facebook that Istockphoto is down:

RT @kkthompson: There is a phishing attack happening against iStockphoto. We've taken down the site as a precaution.

I hope it's not taking to long

Graffoto · « **Reply #1 on:** March 03, 2009, 21:28 »

Well it has been down for at least an hour and a half at this point from when I first noticed it

My sales were not that great today... but now they are toast!
It of course really hurts people like Sean a lot more than little guys like me.

Still not fun though.

disorderly · « **Reply #2 on:** March 03, 2009, 21:36 »

Boy, if I were exclusive, I'd be seriously pissed right about now...

helix7 · « **Reply #3 on:** March 03, 2009, 21:38 »

Quote from: disorderly on March 03, 2009, 21:36

Boy, if I were exclusive, I'd be seriously pissed right about now...

Word...

KarenH · « **Reply #4 on:** March 03, 2009, 21:44 »

I feel for the IT guys there, probably a long night ahead of them.

gostwyck · « **Reply #5 on:** March 03, 2009, 21:45 »

Quote from: disorderly on March 03, 2009, 21:36

Boy, if I were exclusive, I'd be seriously pissed right about now...

Why? That's simply the risk you take when you put all your eggs in one basket. It's hardly a surprise for IS to go down, it happens quite frequently, and it's something that any exclusive would obviously have factored into their calculation.

Gregor909 · « **Reply #6 on:** March 03, 2009, 21:49 »

Dam*n hackers. Shoot them all those miserable f*cks!

helix7 · « **Reply #7 on:** March 03, 2009, 22:14 »

They're back up.

Sounds like passwords may have been compromised. Might be a good time to change to a new one...

UncleGene · « **Reply #8 on:** March 03, 2009, 22:37 »

Very strange.
1. For a _real_ phishing attacks IS seems to be too small of a target. Big bad guys do not waste their time on something like this.
2. For _any_ type of phishing attack - how can taking site down help?

And to helix7 - phishing attacks compromise passwords only for those who got phished

yingyang0 · « **Reply #9 on:** March 03, 2009, 23:33 »

Quote from: UncleGene on March 03, 2009, 22:37

2. For _any_ type of phishing attack - how can taking site down help?

That's what I was thinking too.

disorderly · « **Reply #10 on:** March 03, 2009, 23:41 »

Quote from: gostwyck on March 03, 2009, 21:45

Quote from: disorderly on March 03, 2009, 21:36
Boy, if I were exclusive, I'd be seriously pissed right about now...

Why? That's simply the risk you take when you put all your eggs in one basket. It's hardly a surprise for IS to go down, it happens quite frequently, and it's something that any exclusive would obviously have factored into their calculation.

I wouldn't call that obvious at all. Moreover, I bet there are a lot of exclusives who hadn't given it much thought before an incident like this. Just because something can be predicted doesn't mean it will be, at least not by everybody.

leaf · « **Reply #11 on:** March 04, 2009, 01:25 »

here is a link to the istock thread
http://www.istockphoto.com/forum_messages.php?threadid=85143

araminta · « **Reply #12 on:** March 04, 2009, 02:43 »

Quote from: yingyang0 on March 03, 2009, 23:33

Quote from: UncleGene on March 03, 2009, 22:37
2. For _any_ type of phishing attack - how can taking site down help?
That's what I was thinking too.

I'd guess it helps prevent hackers from using the stolen credentials and take the money.

MichaelJay · « **Reply #13 on:** March 04, 2009, 03:27 »

Quote from: araminta on March 04, 2009, 02:43

Quote from: yingyang0 on March 03, 2009, 23:33
Quote from: UncleGene on March 03, 2009, 22:37
2. For _any_ type of phishing attack - how can taking site down help?
That's what I was thinking too.
I'd guess it helps prevent hackers from using the stolen credentials and take the money.

Also apparently the fishing attack was somehow distributed through Forum posts and/or Sitemail, I have no details yet. So closing the site prevented further distribution of the problem.

Anyway, recommendation is to a) change your password on iStockphoto if you have doubts and b) check if you are using the same username/password combination of other sites. You might be vulnerable there as well.

CraigSwatton · « **Reply #14 on:** March 04, 2009, 05:14 »

Quote from: disorderly on March 03, 2009, 21:36

Boy, if I were exclusive, I'd be seriously pissed right about now...

Why? S**t happens and the attack could have happened anywhere, I'm just thankful and impressed istock dealt with it so quickly and efficiently.

Yes it might dent yesterday's sales but closing the site isolated the problem and stopped it becoming a major issue!

Sean Locke Photography · « **Reply #15 on:** March 04, 2009, 07:25 »

Quote from: disorderly on March 03, 2009, 21:36

Boy, if I were exclusive, I'd be seriously pissed right about now...

Yeah, I don't understand this either. It wasn't their fault and it was dealt with. A small downtime is just a part of business.

vonkara · « **Reply #16 on:** March 04, 2009, 09:30 »

OMG I was constantly logged out of Istock yesterday, like someone was loggin in from another computer.

UncleGene · « **Reply #17 on:** March 04, 2009, 10:38 »

Quote from: UncleGene on March 03, 2009, 22:37

Very strange.
1. For a _real_ phishing attacks IS seems to be too small of a target. Big bad guys do not waste their time on something like this.
2. For _any_ type of phishing attack - how can taking site down help?

And to helix7 - phishing attacks compromise passwords only for those who got phished

Correction. As they say it was from forums ans sitemail, they did not have phishing attack. It was XSS exploit, and yes, everybody should change passwords (though who knows how many XSS holes they still have)

Sean Locke Photography · « **Reply #18 on:** March 04, 2009, 12:10 »

Correction. It was links sent to members in sitemail an forums, so it was just phising, and not whatever xss stuff you're talking about.

Gregor909 · « **Reply #19 on:** March 04, 2009, 12:12 »

If our passwords are really out there...why doesn't Istock inform us about this. There are so many contributors who never read the forums!

digiology · « **Reply #20 on:** March 04, 2009, 12:39 »

I got a warning notice from Lookstat to change my passwords last night, but nothing from IS now that you mention it. $:-\$

and what is XSS anyway?

UncleGene · « **Reply #21 on:** March 04, 2009, 12:40 »

Quote from: sjlocke on March 04, 2009, 12:10

Correction. It was links sent to members in sitemail an forums, so it was just phising, and not whatever xss stuff you're talking about.

Are you absolutely sure? The difference is simple: if it was phishing, only ones who used these links are in a bad shape; in case of xss - anybody who visited the site.

UncleGene · « **Reply #22 on:** March 04, 2009, 12:44 »

Quote from: lclark on March 04, 2009, 12:39

I got a warning notice from Lookstat to change my passwords last night, but nothing from IS now that you mention it. $:-\$

and what is XSS anyway?

In simple words:
Phishing - you are tricked to go to different site
XSS - somebody puts the code on IS that (may) share all your data

You can defend yourself from (1) by never using insecure login on IS (do not use one on top of the page, go to a separate login page, and always check "secure" icon in your browser), but the only defense from (2) is to disable javascript - and this in turn will make IS unusable.

vonkara · « **Reply #23 on:** March 04, 2009, 12:57 »

This attack created a fake istockphoto.com login screen, prompted the user for a username & password, saved them to a malicious server, then redirected the user back to the iStockphoto main page.

http://www.istockphoto.com/forum_messages.php?threadid=85143 From leaf post earlier

Does this help?

RacePhoto · « **Reply #24 on:** March 04, 2009, 13:22 »

Quote from: Vonkara on March 04, 2009, 12:57

This attack created a fake istockphoto.com login screen, prompted the user for a username & password, saved them to a malicious server, then redirected the user back to the iStockphoto main page.

http://www.istockphoto.com/forum_messages.php?threadid=85143 From leaf post earlier

Does this help?

Yes, because in simple terms, only people who logged in to the fake site are at risk, no one else!

This afternoon a phishing attack was conducted in the forums and through sitemail. This attack created a fake istockphoto.com login screen, prompted the user for a username & password, saved them to a malicious server, then redirected the user back to the iStockphoto main page.

Unless you logged in to forums or sitemail, during the afternoon, there's nothing to panic about.

I have a different password for each agency, which is a good idea if you want to make yourself fell better, should someone actually break into a database. I have a notebook with my passwords, so I don't forget them.

Could just be a sign of old age?

MicrostockGroup Sponsors

Author Topic: Istock down (Read 8751 times)

CvanDijk

Graffoto

disorderly

helix7

KarenH

gostwyck

Gregor909

helix7

UncleGene

yingyang0

disorderly

leaf

araminta

MichaelJay

CraigSwatton

Sean Locke Photography

vonkara

UncleGene

Sean Locke Photography

Gregor909

digiology

UncleGene

UncleGene

vonkara

RacePhoto

Related Topics

Sponsors

Microstock Poll Results

Sponsors