Timthumb WordPress Hack

Many of the themes used with WordPress sites (the content management system in use on this web site) have used a popular image re-sizing script called Timthumb (http://www.binarymoon.co.uk/projects/timthumb/).

This script is used by hundreds of thousands of sites and is quite popular in the WordPress theming community. It was discovered last month that a vulnerability existed within certain versions of the script (http://code.google.com/p/timthumb/issues/detail?id=212). If you are using a WordPress theme with your mobile WordPress web site, then it is highly likely that the Timthumb WordPress Hack can be exploited on your site (depending on when you last updated your theme). The author of the Timthumb script has provided a fix that you should apply to your site now.


It’s Not Personal

Most hacked sites are the work of black hat SEO scam artists trying to boost their own site rankings for whatever purpose. It’s not personal, so don’t panic if you find you have been hacked; they are not out to get you in particular.

Sites being hacked have always been a problem; if yours has never been hacked, consider yourself lucky. You have to do your best to make sure this kind of thing doesn’t happen, but it still can.

Are You Monitoring Your Business’s Google Place?

Running a small business can be a difficult job (particularly in today’s economic climate). Competition can be very cut-throat … and dirty tricks are sometimes played by the unethical.

For example: In 2003, Saad Echouafni, owner of Orbit Communications (a satellite television reseller), paid for an Ohio botmaster (Richard Roby) to DDoS the websites of two competitors. In 2005, Roby, the botmaster, was convicted of computer crimes in US federal court. Investigation into Roby’s crimes revealed a link to Echouafni and a co-conspirator (Paul Ashley) who also pleaded guilty to related crimes in 2005. Echouafni paid bail and fled US jurisdiction.

Reportedly, at the height of the DDoS attacks, Rapid Satellite and WeaKnees were offline for two weeks. It’s quite an interesting tale and you can read more here: Feds bust DDoS ‘Mafia’, by Kevin Poulsen.

Wow, a DDoS Mafia, circa 2003. But what’s the situation in 2011?

Diginotar Hacked by Black.Spook and Iranian Hackers

Diginotar is a Dutch Certificate Authority. They sell SSL certificates.


Somehow, somebody managed to get a rogue SSL certificate from them on July 10th, 2011. This certificate was issued for the wildcard domain name *.google.com.

What can you do with such a certificate? Well, you can impersonate Google — assuming you can first reroute Internet traffic for google.com to you. This is something that can be done by a government or by a rogue ISP. Such a reroute would only affect users within that country or under that ISP.

But why would anybody want to intercept Google? Well, this is not really about the search engine at www.google.com. This is about the Gmail servers at mail.google.com and Google Docs at docs.google.com and maybe Google+ at plus.google.com.

We saw a similar attack in May (via Certificate reseller instantssl.it in Italy). That case was tied to Iran. So is this one. It’s likely the Government of Iran is using these techniques to monitor local dissidents.

Iran does not have its own Certificate Authority. If they did, they could just issue rogue certificates themselves. But since they don’t, they need such certificates from a widely trusted CA. Such as Diginotar.


Anonymous Ops Britain and BART

Here’s a new maxim for politicians, policy makers and public administrators: curtail, censor or otherwise limit communications technology in the real-world — expect online reprisals.

Hacker collective Anonymous released a “press release” on Saturday announcing OpBritain, a reaction to UK Prime Minister David Cameron’s suggestions that social media should be restricted in a time of crisis.


And while Anonymous states that the rioters’ actions were “violent”, they have no love for police authority, and so the enemy of my enemy is my friend. Besides promising online hacks, Anonymous has called for rebellion in the form of peaceful real-world protests on October 15th.


Black Hat USA 2011

It’s the week of Black Hat and DEF CON, and thousands of computer security experts have gathered in Las Vegas.


Hot topics this year include Siemens PLC security, revamping the SSL model and Mac laptop batteries.

Mikko keynoting in DEF CON 19

One talk which was highly anticipated was Riley Hassell’s and Shane Macauley’s “Hacking Android”. For mysterious reasons, neither speaker showed up for their own talk, leading to wild conspiracy theories about why this might have happened.

However, from an antivirus point of view, the most interesting talk was Tavis Ormandy’s talk titled “Sophail”.

In the summer of 2010, Tavis Ormandy found a zero-day vulnerability in Windows Help and Support Center. Five days after informing Microsoft of the vulnerability, and before Microsoft had shipped a patch for it, Tavis publicly released proof-of-concept code. Days later, unknown malware authors integrated this code into drive-by-download exploits, which went on to infect tens of thousands of computers around the world.

Sophos experts vocally criticized Tavis for his action, and even nicknamed the patch that eventually followed “Patch Tavis”.

Fast forward to the summer of 2011, and Tavis Ormandy presented “A critical analysis of Sophos Anti-virus” at Black Hat.


In his highly unusual talk, Tavis explained that he had reverse engineered the Sophos anti-virus engine, and he released tools to decrypt the protection applied to Sophos detection databases.

Shifting gears, it’s worth noting that connecting to a wireless network during DEF CON is really not recommended. There are simply too many hackers playing with the networks to make them safe. Even the official program pamphlet wishes you “good luck” in connecting to the party network. This is nicely illustrated by just looking at the list of Wi-Fi hotspots that were available in the DEF CON hotel:


Signing off,
-BO


On 06/08/11 At 03:48 AM

Researchers Discover How to Steal Credit Card Data Using Square

Researchers attending the Black Hat security conference on Thursday demonstrated two ways in which Square — a mobile gadget that enables Android, iPhone, iPad, and iPod touch users to accept credit card payments — can be hacked to steal credit card data, with very little technical hardware required and “no technical skills at all.”

Hack turns Square into criminal tool

Hackers have shown how to turn mobile payment service Square into a convenient tool for criminals to pump cash from stolen credit card numbers.

Accused AT&T-iPad hacker Andrew Auernheimer in plea talks

NEW YORK (Reuters) – Andrew Auernheimer, accused of hacking into AT&T Inc servers and stealing the personal data of 120,000 Apple Inc iPad users, is in talks to plead guilty after his co-defendant did the same last month.

Police investigate James Murdoch parliament evidence

News International chairman James Murdoch is facing renewed questions over evidence he gave earlier this week to a British parliamentary investigation into the phone hacking scandal.

Your Cellphone: How Easy To Hack?

The phone hacking scandal that led to the demise of News of the World and put News Corp. CEO Rupert Murdoch on the hot seat demonstrates how easy it is for predators to break into cell phones.
