Metasploit.com defaced... sort of
Well, I feel vindicated. Wired is reporting that Metasploit was defaced via ARP spoofing. While the issue was fixed reasonably quickly, I have a personal affinity for this particular attack. You see, at DallasCon 2003, I used the exact same attack to quote-deface-unquote the target web server set up for a capture the flag competition. Within about an hour and a half of the contest's start, I had rerouted all the incoming traffic to my own laptop's Apache server, claiming victory with some "joo r 0wned" web page.
Unfortunately for me, my attack was discounted by the judges, because it wasn't "realistic," and thus, I didn't win the prize -- some $50 piece of 802.11 hardware, IIRC. The following year, ARP spoofing was specifically outlawed as a valid attack.
I'm happy to see that ARP spoofing a target from within the same broadcast network is, in fact, being used "in the wild" as they say. And it would have been effective for trojaning users, at least; you could do a fair bit of damage by cloning and replacing Metasploit's download link with a custom keylogger version of the venerable attack suite.
So take that, conference organizers from 5 years ago! Now gimme me prize!
Labels: arp, dallascon, metasploit

2 Comments:
Can't believe they actually said the attack wasn't 'realistic'. I guess you are just ahead of your time ;)
-mike.
Wasn't it some shiny silver Linksys wireless router with Speedbooster? I think I was @ DallasCon 2003. Is that the one that Kevin M. spoke at?