Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Silent Noise was hacked?

December 23rd 2009 in Uncategorized

See here:
http://matchent.com/wpress/?q=node/500

 

What is interesting is the IP address that the author of the blog post cites as the source of the trouble – 72.167.232.86.

72.167.232.86 belongs to GoDaddy (p3nlh036.shr.prod.phx3.secureserver.net).  The server at that IP is host to over 4,000 web sites.

 

As for how Silent Noise was hacked – that I cannot answer. My first guess was that they were using WordPress, but it looks like they may have migrated to Drupal (according to a blog post back in 2008). If it is Drupal, there are security advisories for the Drupal Core, as well as “contributed projects”, that should be investigated.

For example, look at this one:
http://drupal.org/node/579482

The description of the vulnerability reveals that:

“The core OpenID module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts. These OpenID identities can then be used to gain access to the affected accounts.”

A nasty vulnerability.  It just goes to show – you need to keep *all* of your software updated *all of the time*. 
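
The pattern the advisory describes, sketched in framework-neutral Python as an added example (not Drupal's code and not part of the original post): a handler that links an OpenID identity on the strength of the session cookie alone, next to one that also requires a per-session form token. The session store, form id and URLs are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Everything below is constructed sample state, not Drupal's implementation.
SERVER_KEY = secrets.token_bytes(32)               # per-site secret
FORM_ID = "link_openid_form"                       # hypothetical form id
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}
IDENTITIES = {"alice": set(), "bob": set()}        # account -> linked OpenID URLs


def form_token(session_id: str, form_id: str = FORM_ID) -> str:
    """Token bound to one session and one form; rendered as a hidden field."""
    msg = f"{session_id}:{form_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def link_identity_unchecked(session_id: str, post: dict) -> bool:
    """Flawed pattern: the session cookie alone authorises the change."""
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    IDENTITIES[user].add(post["openid_url"])
    return True


def link_identity_checked(session_id: str, post: dict) -> bool:
    """Hardened pattern: the POST body must also carry the session's token."""
    user = SESSIONS.get(session_id)
    if user is None:
        return False
    supplied = str(post.get("form_token", "")).encode()
    if not hmac.compare_digest(form_token(session_id).encode(), supplied):
        return False   # a cross-site POST brings the cookie but not the token
    IDENTITIES[user].add(post["openid_url"])
    return True


if __name__ == "__main__":
    cross_site = {"openid_url": "https://other.example/id"}   # no token field
    same_site = {"openid_url": "https://alice.example/id",
                 "form_token": form_token("sess-alice")}
    print("unchecked, cross-site:", link_identity_unchecked("sess-alice", cross_site))
    print("checked, cross-site:  ", link_identity_checked("sess-alice", cross_site))
    print("checked, same-site:   ", link_identity_checked("sess-alice", same_site))
    print("linked to alice:", sorted(IDENTITIES["alice"]))
```

Because the token is derived from the session id, a token issued to one session is rejected when replayed against another.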

