Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin (softpedia.com) 50

An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugin's developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.org's Plugin Directory on May 31. In the meantime, security firm Sucuri says it detected numerous attacks with this zero-day, which was caused by a lack of input filtering in an image upload field that allowed attackers to upload PHP backdoors on the victim's servers with incredible ease and without any tricky workarounds. The backdoor's password is "dinamit," the Russian word for dynamite.
Facebook

That North Korean Facebook Clone Has Already Been Hacked (vice.com) 84

Remember yesterday's story about an off-the-shelf Facebook clone in North Korea? Within a few hours that site was hacked by an 18-year-old college student in Scotland. An anonymous reader writes: Using the default credentials, Andrew McKean posted "Uh, I didn't create this site just found the login" in the site's box for Sponsored links. "McKean was able to become an admin for the site just by clicking on the 'Admin' link at the bottom of the site and guessing the username and password," writes Motherboard, which adds that the password was "password". McKean says the breach "was easy enough," and granted him the ability to "delete and suspend users, change the site's name, censor certain words and manage the eventual ads, and see everyone's emails."
The teenager said he had "no plans" for the compromised site -- except possibly redirecting it to an anti-North Korean page.
Security

Hundreds of Drupal Sites Targeted With Fake Ransomware (softpedia.com) 51

An anonymous reader writes: A group of hackers have created a ransomware strain that specifically targets Drupal sites. Infection occurs thanks to an automated bot which scans Drupal sites and then uses an SQL injection (CVE-2014-3704) to change the site admin's password. The bot also dumps any emails it finds on the server, and then overwrites the site's main page to show a typical ransomware note. Over 400 sites have been infected until now, but nobody has paid the ransom yet.

This case yet again proves why "Web ransomware" will never work because even the worst Web hosting service provides automatic backups from where they could retrieve a clean version of their site.

Open Source

WordPress Plugin Comes With a Backdoor, Steals Admin Credentials In Cleartext 76

An anonymous reader writes that a WordPress plugin for managing custom post types has apparently been forcibly taken over by an Indian developer who has added a backdoor to the code which lets him install files on infected sites. "This backdoor also allows him to download files which add his own admin account to the site, and even alter core WordPress files so every time a user logs in, edits his profile, or a new user account is created, the user's password is collected (in cleartext) and sent to his server. WordPress hasn't moved in to ban the plugin just yet, despite user complaints.
Government

Drupal Creator Floats an "FDA For Data and Algorithms" 71

jeffengel writes: When Facebook's news feed and Google's search bar have the power to influence voter decisions, is it time for government oversight? That's what Dries Buytaert, creator of Drupal and co-founder of Acquia, is proposing: an "FDA for data and algorithms." The move would aim to boost transparency, but it also raises tough questions. What exactly would such an agency be tasked with monitoring, and what would its penalties look like? Would it wield too much power, pushing the U.S. closer to China levels of information control? Buytaert is pitching the idea as part of a broader push for a more open Web that reduces the dominance of a handful of platforms.
Businesses

The History of SQL Injection, the Hack That Will Never Go Away (vice.com) 193

An anonymous reader writes with this history of SQL injection attacks. From the Motherboard article: "SQL injection (SQLi) is where hackers typically enter malicious commands into forms on a website to make it churn out juicy bits of data. It's been used to steal the personal details of World Health Organization employees, grab data from the Wall Street Journal, and hit the sites of US federal agencies. 'It's the most easy way to hack,' the pseudonymous hacker w0rm, who was responsible for the Wall Street Journal hack, told Motherboard. The attack took only a 'few hours.' But, for all its simplicity, as well as its effectiveness at siphoning the digital innards of corporations and governments alike, SQLi is relatively easy to defend against. So why, in 2015, is SQLi still leading to some of the biggest breaches around?"
Security

WordPress Hacks Behind Surging Neutrino EK Traffic 51

msm1267 writes: More than 2,000 websites running WordPress have been compromised and are responsible for a surge this week in traffic from the Neutrino Exploit Kit. Attacks against sites running older versions of the content management system, 4.2 and earlier, were spotted by Zscaler. Those sites are backdoored and redirect a victim's browser through iframes to a landing page hosting the exploit kit where a Flash exploit awaits. The exploits generally target Internet Explorer, Zscaler said, and victims' computers are eventually infected with CryptoWall 3.0 ransomware. This analysis is in line with a similar report from the SANS Institute, which pointed the finger at a particular cybercrime group that had steered away from using the prolific Angler Exploit Kit and moved operations to Neutrino.
Wikipedia

The Bizarre and Complex Story of a Failed Wikipedia Software Extension 94

metasonix writes Originally developed by Wikia coders, "Liquid Threads" was intended to be a better comment system for use on MediaWiki talkpages. When applied to Wikipedia, then each Wikipedia talkpage or noticeboard would become something resembling a more modernized bulletin board, hopefully easier to use. Unfortunately, the project was renamed "Flow" and taken over by the Wikimedia Foundation's developers. And as documented in this very long Wikipediocracy post, the result was "less than optimal." After seven years and millions of dollars spent, even WMF Director Lila Tretikov admits "As such it is not ready for 'prime time' for us."
Security

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw 76

Trailrunner7 writes The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.
Security

Large DDoS Attack Brings WordPress Pingback Abuse Back Into Spotlight 58

angry tapir writes "Attackers have abused the WordPress pingback feature, which allows sites to cross-reference blog posts, to launch a large-scale, distributed denial-of-service (DDoS) attack, according to researchers from Web security firm Sucuri. The attack involved over 162,000 legitimate WordPress websites being forced to send hundreds of requests per second to a popular WordPress site, preventing access to it for many hours. The attack exploited an issue with the XML-RPC (XML remote procedure call) implementation in WordPress that's used for features like pingback, trackback, remote access from mobile devices and others, and brought back into the spotlight the denial-of-service risks associated with this functionality that have been known since 2007."
SuSE

OpenSUSE Forums Defaced, Email Addresses Leaked 82

sfcrazy writes "The openSUSE Forums were hijacked yesterday. An alleged Pakistani hacker who goes by handle H4x0r HuSsY reportedly exploited a vulnerability in the vBulletin 4.2.1 software SuSE uses to host the forum. vBulletin is a proprietary forum software. The openSUSE team notes that user passwords were not compromised. 'Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.' It's shocking to learn that SUSE/openSUSE are using proprietary forum software vBulleting as well as proprietary single sign on solution." SuSE was using vBulletin 4.x which has no known fix for the security hole, and they are leaving the forums offline for now. It seems likely they'll be upgrading to the 5.x series.
Google

Google Bots Doing SQL Injection Attacks 156

ccguy writes "It seems that while Google could really care less about your site and has no real interest in hacking you, their automated bots can be used to do the heavy lifting for an attacker. In this scenario, the bot was crawling Site A. Site A had a number of links embedded that had the SQLi requests to the target site, Site B. Google Bot then went about its business crawling pages and following links like a good boy, and in the process followed the links on Site A to Site B, and began to inadvertently attack Site B."
Chrome

Google Chrome Is Getting Automatic Blocking of Malicious Downloads 138

An anonymous reader writes "Google today announced Chrome is getting an automatic download blocking feature for malware. Google has already added the new functionality to the latest build of Chrome Canary. All versions of Chrome will soon automatically block downloads and let you know in a message at the bottom of your screen. You will be able to "Dismiss" the message, although it's not clear if you will be able to stop or revert the block."
Security

PHP.net Compromised 189

An anonymous reader writes "The open source PHP project site was compromised earlier today. The site appears to have been compromised and had some of its Javascript altered to exploit vulnerable systems visiting the website. Google's stop-badware system caught this as well and flagged php.net as distributing malware, warning users whose browsers support it not to visit the site. The comment by a Google employee over at the hacker news thread (official Google webmaster forum thread) seems to suggest that php.net wasn't incorrectly flagged."

Slashdot Top Deals

Center meeting at 4pm in 2C-543.

Working...