News Document Title: ==================== RTL closed multiple medium priority vulnerabilities [FIXED!] Release Date: ============= 2011-08-27 Laboratory Article: =================== After anonymous annouced to attack the RTL Portal we decided to drop all our detected vulnerabilities on the RLT Webportal to secure the community. A vulnerability researcher (Alexander Fuchs) identified the persistent vulnerabilities and tried to notify the vendor multiple times. No repsonse has been arrived over weeks. The researcher decided to call RTL via phone and explained the bugs on the web portal. Some hours later, we saw that some people of anonymous tried to attack the webportal of RTL with a denial of service attack. This attack was not connected with the persistent script code inject of Alexander Fuchs. Alex is no member of the anonymous group and tried to protect the community against future attacks on a main module of the MyRTL Service. The persistent executed script code was non malicious to show what kind of power is behind this medium priority bug. BUGS FIXED: 2011-08-27 Press Spreaker of RTL: „Wir wissen derzeit nicht, ob es ein Hack oder nur ein technischer Fehler war“ V-Lab Administration: „We know that it is a persistent script code injection on the groups module of the RTL (MY) Website“ Comment by Researcher: „An apology from RTL was definitely okey. The bad reporters around the portals should do the same.“ Real News ... http://www.vulnerability-lab.com/news/get_news.php?id=29 Advisory: http://www.vulnerability-lab.com/get_content.php?id=257 Alexander Fuchs (Stellungnahme zu "GAMEZ". Der RTL Gamescom "Hack". ): http://www.youtube.com/watch?feature=player_embedded&v=1HwpPas3o6M Wrong News ... http://www.shortnews.de/id/913043/Hacker-legen-RTL-lahm-Website-gehackt http://de.ign.com/articles/news/9767/RTL-Website-gehackt-Update-Exploit-wurde-ausgenutzt- http://games-news.xchar.de/2011/08/round-5-gamescom-schaltet-sich-ein-hacker-attackieren-und-rtl-meldet-sich-zu-wort/ http://www.satundkabel.de/index.php/nachrichtenueberblick/medien/83175-update-rtl-bericht-qgamescomq-medienhueter-schalten-sich-ein http://www.dwdl.de/nachrichten/32536/gamer_hacken_rtlde_nach_diffamierendem_bericht/ http://www.gamers.de/news/14498/aktuell/die-rache-der-gamer-rtlde-wurde-gehackt.html http://meedia.de/internet/anonyme-hackten-rtlde/2011/08/25.html http://www.gamestar.de/specials/reports/2560501/explodiert_p2.html