Shortly after President Obama’s State of the Union address, constituents visiting the web sites of Congressional representatives like Charles Gonzalez (20th District of Texas), Spencer Bachus (Alabama’s 8th District), and Brian Baird (Washington’s 3rd District) were presented with a defacement message from the Red Eye Crew that as of 4:10 am EST remains up on their web sites. All of the sites affected are in the house.gov domain, but not every congressional site in the domain is defaced.
Archive for January, 2010
Less than 24 hours from the last web site defacement, TechCrunch has been defaced again early this morning by the same cracker(s) responsible for yesterday’s attack. Whatever preventative measures were taken yesterday (WordPress upgrade, HTTP authentication for wp-admin) have not blocked the attacker’s access to modify TechCrunch’s content, as this morning the attacker left a profane message on top of the homepage for Michael Arrington as well as a few media outlets like Yahoo and the BBC. At this point TechCrunch should perhaps be ensuring that there is no uploaded shell on the server the site is hosted on.
TechCrunch, the popular blog founded by Michael Arrington in 2005 that profiles technology startups with posts about their products and company news, was the victim of a website defacement that has effectively taken the site down for three hours at the time of writing. The site initially went down a little after 1 AM EST with a message of “Hi” on the homepage, and for a while seesawed between coming back up, being newly defaced, and showing a “We’ll be back shortly” message.
Microsoft has published the advance notification for an unscheduled patch release to occur tomorrow, outside of the normal Patch Tuesday cycle. The update is for an Internet Explorer vulnerability reported to be a vector for the Aurora exploit, which was used to attack Google and several other companies. The last time Microsoft released an [...]
Bad actors have taken advantage by engaging in search engine poisoning, including taking over existing web sites, using techniques that boost search ranking, and installing malicious software on users’ PCs using scareware tactics. They also set up fake donation web sites. Finally, they employ spam e-mail, Twitter messages, and related electronic communication methods to direct users to these web sites.
Back on November 11th, 2009, we confirmed Laurent Gaffié’s remote exploit for Windows that causes a kernel crash. The operating system actually freezes, creating a denial of service, when, for example, a user is tricked into clicking on a link to a malicious SMB share on a web page. According to Microsoft, the SMB client goes into an infinite loop when processing this malformed request. The video below demonstrates this effect, having a user click a web site link and showing the crash.
We begin a new year and arrive at the first Patch Tuesday of the decade. The news and spread of malware related to Adobe Reader continue to gain momentum, and the information security community believes that this year will produce more exploits using Reader. I will include both the Microsoft and Adobe updates in these [...]