
Submission + - Attacks on WordPress Sites Intensify as Hackers Deface Over 1.5 Million Pages (bleepingcomputer.com)

An anonymous reader writes: Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39,000 unique domains.

Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four groups of attackers defaced over 67,000 pages. The number grew to over 100,000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war.

Making matters worse, over the weekend, Google failed miserably when it warned website owners that registered WordPress sites in the Google Search Console. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners (vulnerable to the REST API flaw), but some emails reached WordPress 4.7.2 owners, some of whom misinterpreted the email and panicked, fearing their site might lose search engine ranking.

Submission + - Revisiting infamous Sony BMG rootkit scandal 10 years later (networkworld.com)

alphadogg writes: Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview comedy about a planned assassination on North Korea’s leader. Some say all this is karmic payback for what’s become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management. “In a sense, it was the first thing Sony did that made hackers love to hate them,” says Bruce Schneier, CTO for Resilient Systems.

Sony's scheme was revealed on Halloween of 2005, and was followed by a botched response, issuing and reissuing of rootkit removal tools, and lawsuits. There are object lessons from the incident which are relevant today.

Submission + - Motorola Unveils Droid Turbo 2, Claims Shatterproof Display, 48 Hour Battery (hothardware.com)

MojoKid writes: We've seen leaks and teasers for Motorola's new Droid Turbo 2 Android flagship for weeks. However, the Lenovo-owned company officially announced the smartphone, and it offers two highly sought after features: a long-running battery and a shatterproof display. Its battery has a 3760mAh capacity, allowing the Droid Turbo 2 to operate for up to 48 hours per charge. And if that wasn't enough, Motorola has incorporated Quick Charging support which allows the device to achieve 13 hours of battery life from a mere 15-minute charge. The most talked about feature, however, is its shatterproof display, which Motorola calls Moto ShatterShield. Motorola says that it's "the world's first phone screen guaranteed not to crack or shatter." The display sports a flexible AMOLED panel to absorb shocks, dual touch layers, a rigid aluminum backing, as well as interior and exterior lenses. At the launch event, Motorola was dropping the phone from about 6 feet up, direct to concrete and it was holding up to the abuse just fine.

Submission + - Bill Gates Sponsoring Palladium-Based LENR Technology (kitco.com)

Baldrson writes: Kitco.com reports that: "Low energy nuclear reactor (LENR) technology, and by extension palladium, is attracting the attention of one of the richest men in the world and a pioneer inventor of new technology... In a recent visit to Italy, billionaire business man, investor and inventor Bill Gates said that for several years he has been a believer in the idea of LENR, and is a sponsor of companies developing the technology... During his trip to Italy he visited the national agency for new technologies, energy and sustainable economic development (ENEA) where scientists have made significant progress towards a working design for low energy nuclear fusion. The centerpiece of their design is the same as in Mitsubishi’s: palladium. Creating palladium foil with just the right parameters, and managing stress levels in the material was a key issue, one that the researchers at ENEA were able to resolve several years ago." This is controversial to say the least. For example one of the first (1994) Idea Futures claims was that a palladium cold fusion device could produce even a small fraction of that claimed by many researchers over the last quarter century. That claim is presently selling at 2% odds and the judgement deadline is next week.

Submission + - Federal Judge: Facebook Must Face Suit for Scanning Messages

Rambo Tribble writes: U.S. District Court Judge Phyllis Hamilton, on Tuesday, denied Facebook's bid to dismiss a class-action lawsuit against the social media giant, for violating users' privacy through the scanning of message content. In her rejection of Facebook's argument, the judge said the firm had, "...not offered a sufficient explanation of how the challenged practice falls within the ordinary course of its business."

Submission + - Linux 3.19 Kernel To Start 2015 With Many New Features (phoronix.com)

An anonymous reader writes: Linux 3.18 was recently released thus making Linux 3.19 under development as the year comes to a close. Linux 3.19 as the first big kernel update of 2015 is bringing in the new year with many new features: among them are AMDKFD HSA kernel driver, Intel "Skylake" graphics support, Radeon and NVIDIA driver improvements, RAID5/6 improvements for Btrfs, LZ4 compression for SquashFS, better multi-touch support, new input drivers, x86 laptop improvements, etc.

Submission + - Russian Hackers Stole Millions From Banks, ATMs

An anonymous reader writes: Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals. Group-IB and Fox-IT, in a joint research effort, released a report about the Anunak hackers group. This group has been involved in targeted attacks and espionage since 2013. Anunak targets banks and payments systems in Russia and CIS countries. In Europe, USA and Latin America criminals were mainly focusing on retail networks as well as mass media resources. Anunak is unique in the fact that it aims to target banks and e-payment systems. The goal is to get into bank networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself. If they manage to infect governmental networks, they use the infrastructure for espionage.
Security

Half a Million Microsoft-Powered Sites Hit With SQL Injection

Titus Germanicus writes to tell us that a recent attack has compromised somewhere in the neighborhood of 500,000 pages with a SQL injection attack. The vulnerability seems to be limited to Microsoft's IIS webserver and is easily defeated by the end user with Firefox and "NoScript." "The automated attack takes advantage of the fact that Microsoft's IIS servers allow generic commands that don't require specific table-level arguments. However, the vulnerability is the result of poor data handling by the sites' creators, rather than a specific Microsoft flaw. In other words, there's no patch that's going to fix the issue, the problem is with the developers who failed to follow well-established security practices for handling database input. The attack itself injects some malicious JavaScript code into every text field in your database, the JavaScript then loads an external script that can compromise a user's PC." Ignoring corporate spin-doctoring, there seems to be plenty of blame to go around.
