Author Archive

WordPress blogs hit with mass malware attack - mass SQL Injection?

[Source - http://www.downloadsquad.com/2010/04/12/wordpress-blogs-hit-with-mass-malware-attack/]

“Hundreds of WordPress blogs, particularly those hosted by Network Solutions, have been hit with an attack that cripples the blogs and redirects visitors to a URL that loads malware. The attack has been reported by both Sucuri Security Labs and Trend Micro. It works by replacing the contents of a WordPress blog’s “siteurl” field (under wp_options) with some HTML code. That field isn’t supposed to contain HTML, so it effectively breaks the blog. Security companies haven’t figured out how the blogs were exploited, although Sucuri says it was probably SQL injection or a database problem at Network Solutions. Network Solutions is investigating, and looking to blame a WordPress theme or plugin for the security hole, Trend Micro says. Trend Micro also has some info on the malware that the blogs are now redirecting to: it’s a known malware family called BUZUS, and antivirus software should be able to identify it.

If your blog was affected, change your siteurl back to its old value. You can find it under manage database, in the wp_option table.”

This kind of platform attack is the most galling, because it’s something individual users of the software are powerless to protect themselves against. The onus is entirely on the hosting company, and it seems that in this case Network Solutions have a lotta ’splaining to do.
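
As an added example (not from the quoted article or from this post), the check below flags a siteurl value that is not a plain http(s) URL, which is the symptom the report describes. It assumes Python, with an in-memory SQLite table standing in for the MySQL wp_options table; the sample rows, host names and the extra check of the "home" option are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

# "siteurl" is the field named in the report; "home" is an added assumption.
CHECKED_OPTIONS = ("siteurl", "home")

def url_problems(value):
    """Return the reasons why value is not a plain http(s) site URL."""
    problems = []
    if any(ch in value for ch in "<>\"'"):
        problems.append("contains markup characters")
    if any(ch.isspace() for ch in value):
        problems.append("contains whitespace")
    try:
        parts = urlsplit(value)
    except ValueError:
        return problems + ["not parseable as a URL"]
    if parts.scheme not in ("http", "https"):
        problems.append("scheme is not http/https")
    if not parts.hostname:
        problems.append("no hostname")
    return problems

def audit_options(conn):
    """Map each checked option name to its problems; empty dict means clean."""
    rows = conn.execute(
        "SELECT option_name, option_value FROM wp_options "
        "WHERE option_name IN (?, ?)", CHECKED_OPTIONS)
    return {name: p for name, value in rows if (p := url_problems(value))}

def sample_db(siteurl):
    """Constructed stand-in for a blog's wp_options table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY, "
                 "option_name TEXT UNIQUE, option_value TEXT, autoload TEXT)")
    conn.executemany(
        "INSERT INTO wp_options (option_name, option_value, autoload) "
        "VALUES (?, ?, 'yes')",
        [("siteurl", siteurl),
         ("home", "http://blog.example.test"),
         ("blogname", "<em>My</em> blog")])  # HTML here is not checked
    return conn

if __name__ == "__main__":
    # Constructed tampered value: HTML where a URL belongs.
    tampered = sample_db('<iframe src="http://placeholder.invalid/"></iframe>')
    for name, problems in audit_options(tampered).items():
        print(name, "->", "; ".join(problems))
```

Run on a schedule against a read-only database account, a non-empty result is the cue to restore siteurl to its old value and to look for how the row was changed.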

Microsoft Vista and Windows 7 UAC insanity

Having recently been forced to migrate back to using Windows, I feel compelled to comment on Microsoft’s new ‘Security Enhancements’ in the Vista and Windows 7 OS.

Upon starting a Computing MSc I was dismayed to find out that the first trimester was Windows-centric. Running a virtual machine under OS X on my MacBook was not practical (due to speed and HDD space concerns) and so I opted for a new lightweight Toshiba laptop to be my course workhorse.

For a non-Linux machine, Vista (or nothing) were the OS choices I had and so reluctantly I opted for Vista - with a Windows 7 upgrade to follow as soon as that is available. Little did I know what I was letting myself in for.

The ‘User Access Control’ (UAC) in Windows is useless - why? Because it is so intrusive as a piece of security software that I can only liken it to having to unlock 15 deadbolts, AND entering a safe combination every time you want to go through a door, or open a window inside your own house.

To fully understand how irritating it is to use ANY application under Vista with UAC turned on, let me explain that the previous example includes EVERY door / window in your house. You HAVE to shut each door / window behind you when you change rooms, and EVERY time you open a door you have to unlock all fifteen of the deadbolts AGAIN. Imagine your house is somewhat sentient, so ideally you want to say to your house “I have been to the toilet today. I do not wish to unlock the toilet door EVERY time I need to use it. I wish to authorise the door to stay open as long as the sensors see ME either entering or leaving the room.” “NO.” says your house, “I will not allow you to designate security passes to ANY of the doors. I will force you to lock and unlock EVERY DOOR, during EVERY INSTANCE OF USE. You can either authorise EVERY door / window for every instance of use, EVERY TIME or you have to leave all the doors / windows open to everyone ALL THE TIME.”

Any sane person would just switch off the house security protocols and leave every door open all the time - right? WRONG.

What you want to do to keep your house secure is make sure that the front door and the windows are shut by default and only THOSE SPECIFIC INSTANCES of holes in your house require authorisation to open, and ONLY YOU have the key. As ‘Keyholder’ you can walk around the house unmolested the rest of the time without having to worry about constantly opening doors you just walked through. Also if you get a pet, you would supposedly want your pet to be able to walk unfettered from room to room, but not walk out the front door, or jump out of the windows.

I may be stretching the point somewhat, but in my illustration, the ‘you’ in the house is the logged on Administrative user, the doors / windows are pre-installed (or pre-approved) Windows applications and the pet represents any third party applications you install.

Perhaps I am just being dense, but my Google-fu fails me when it comes to ways to authorise individual Apps under the UAC tool.

So in essence I am reduced to leaving all my doors and windows open in order to do anything, and that is far from secure.
