Friday, October 3, 2008

Interview With S@BUN, a Hacker from Turkey

Today’s interview is with S@BUN, a hacker from Turkey. S@BUN released a number of WordPress-related vulnerabilities recently and the BlogSec team wanted to find out a bit more about him.

Q: Would you please tell us a little about yourself?

A: I’m 26 years old and live in Turkey. Exploiting flaws has always been a hobby for me and now I’m writing bugs.

Q: How long have you been active within the security field? What got you started?

A: I’ve been in security for a long time, just hacking to begin with, but now I’m sending my exploits to sites.

Q: You have recently disclosed a number of WordPress and Joomla vulnerabilities to the public. What motivated you to target these web applications? Are other web applications just as vulnerable in your opinion?

A: Oh no problem joomla-wordpress-xoops-php-nuke-phpbb2. It's a hobby for me. Sometimes I send big exploits to site owners or company owners and other times I send them to sites like milw0rm-securityfocus-securityreason-secmania.

Q: A large number of your vulnerabilities focus on database manipulation (SQL Injection). Why did you choose this type of vulnerability?

A: I exploit SQL injection because it's easy. I can write and use all types of vulnerabilities. Also inexperienced attackers can exploit them.

Q: BlogSec has mentioned on a few occasions that WordPress needs to provide database safe functions for its core code as well as for its plugin development. Would you agree with this? What else would you suggest that can help improve the security of these and similar web applications?

A: WordPress has a lot of software errors and I’ve sent them a lot but I think they thought I was joking. I have 45-50 big exploits for WordPress. One day I will release them.

Thanks for taking the time to answer our questions.
BlogSec look forward to seeing more research from you in the future.

