New URL Spoofing Flaw Found in Internet Explorer
A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a different URL than the one displayed in the status bar.
The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this:
displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to create spoofed URLs in web pages and HTML e-mails.
The technique, which can be executed by anyone with a basic knowledge of HTML, can be used to construct convincing fake URLs for use in phishing scams. The flaw is possible because Internet Explorer has difficulty processing improperly formed HTML. The attack opens one href tag and then leaves that tag open while enclosing a second URL within a table. The browser displays the first URL in the status bar, but sends users to the second URL.
The flaw affects versions of IE up to 6.0.2800.1106 - which includes systems that haven't yet installed Windows XP SP2, but are current on all other critical updates from Windows Update - as well as the Safari browser for Macs. Users running Windows XP SP2 (IE version 6.0.2900) and the open source Firefox and Mozilla browsers are not affected.
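As an added example (not from the article or from Franz's Bugtraq post), the following Python check is the kind of test a mail or web-content filter could run for the pattern described above: an anchor opened while an earlier anchor is still open, with a different href. The sample HTML is constructed here with example.com and example.net as placeholders.

```python
from html.parser import HTMLParser


class NestedAnchorDetector(HTMLParser):
    """Flags an <a> that is opened while an earlier <a> is still open.

    Affected IE builds showed the outer href in the status bar but
    followed the inner one, so a mismatch between the two is the signal.
    """

    def __init__(self):
        super().__init__()
        self.open_anchors = []  # hrefs of <a> tags not yet closed
        self.findings = []      # (status-bar href, real target href)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if self.open_anchors and href and href != self.open_anchors[-1]:
            self.findings.append((self.open_anchors[-1], href))
        self.open_anchors.append(href)

    def handle_endtag(self, tag):
        if tag == "a" and self.open_anchors:
            self.open_anchors.pop()


def find_spoofed_links(html):
    """Return (displayed, actual) href pairs for nested anchors that disagree."""
    parser = NestedAnchorDetector()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed samples: the first mirrors the structure the article describes
# (outer link left open, second link inside a table); the second is benign.
SPOOF_SAMPLE = (
    '<a href="http://www.example.com"><table><tr><td>'
    '<a href="http://www.example.net">http://www.example.com</a>'
    '</td></tr></table></a>'
)
BENIGN_SAMPLE = '<p>See <a href="http://www.example.com">the site</a>.</p>'

if __name__ == "__main__":
    print(find_spoofed_links(SPOOF_SAMPLE))   # [('http://www.example.com', 'http://www.example.net')]
    print(find_spoofed_links(BENIGN_SAMPLE))  # []
```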
Campaign cites “security reasons” for blocking access to Bush site
A campaign spokesman acknowledged that the official site of the Bush-Cheney campaign has been rejecting requests from outside North America since Monday morning. "The measure was taken for security reasons," campaign spokesman Scott Stanzel told news services, but did not elaborate on that statement.
A dynamically updating chart of site performance for GeorgeWBush.com from different points is available here.
Surprisingly, none of the coverage that we have seen to date has considered the possibility that it might be a well executed scheme aimed at increasing international awareness of the site.
The “calculated indifference ploy” has previously been popularised by the fictional character Reginald Perrin, commercialised by the publishing industry, which adopted the motto “If you want to sell a book, first get it banned”, and deployed by generations of parents who learned “If you really want to get something done, deny your children permission to do it”.
Many thousands of people living outside the US who were previously unaware of the site are now earnestly seeking out ways of accessing it.
Bush Campaign Web Site Rejects Non-US Visitors
The official campaign web site for U.S. President George W. Bush appears to be rejecting visitors from most points outside the United States, while allowing access from U.S. locations.
Netcraft monitors web site response times from seven locations, including four within the United States and three in other countries. Since Monday morning, requests to GeorgeWBush.com from stations in London, Amsterdam and Sydney, Australia have failed, while the four U.S. monitoring stations show no performance problems. Web users in Canada report they are able to visit the site.

A dynamically updating chart of site performance for GeorgeWBush.com is available here.
On Oct. 21, GeorgeWBush.com began using the Akamai content distribution network to manage traffic to the site, which is hosted at SmarTech Corporation. The shift followed a six-hour outage on Oct. 19, which also affected RNC.org, the official web site of the Republican National Committee. Domain name system (DNS) inquiries show requests to GeorgeWBush.com from outside the U.S. being dropped. A request from the U.K. returns a "403 forbidden" response from the server and a web page saying "Access denied: You don't have permission to access http://georgewbush.com on this server."
Hacked PostNuke Site Distributes Malicious Code
Hackers have compromised the download server for the open source PostNuke content management system, redirecting users to malicious code in place of the .zip download of the PostNuke program. The hacked code was distributed for more than 32 hours before PostNuke site maintainers addressed the security breach.
PostNuke users who installed a zip archive downloaded between 11:50 p.m. Sunday night and 8:30 a.m. today face a grim scenario. According to a statement on the PostNuke site, all data submitted during the installation, including the server name, database credentials, admin name and password, were likely sent to the hackers. In addition, "in one file there was code allowing a malicious user to execute any shell command on the web server."
Either scenario would allow the attackers to gain control of the site where PostNuke was installed. The tar.gz download file was not affected. The tar format is traditionally used by Unix and Linux, while Zip is the leading Windows archive format.
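Because the tampered .zip and the untouched tar.gz were builds of the same release, a cross-format comparison of member hashes would have surfaced the substitution before it reached users. This is an added example, not PostNuke's own tooling; the release contents below are constructed in memory, with the tar.gz left pristine and the zip carrying one altered installer file and one extra file.

```python
import hashlib
import io
import tarfile
import zipfile


def zip_digests(data):
    """Map member path -> SHA-256 of its contents for an in-memory zip."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def tar_digests(data):
    """Same map for an in-memory gzipped tar archive."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        return {m.name: hashlib.sha256(tf.extractfile(m).read()).hexdigest()
                for m in tf.getmembers() if m.isfile()}


def compare_releases(zip_data, tgz_data):
    """Report members that differ between the two formats of one release."""
    z, t = zip_digests(zip_data), tar_digests(tgz_data)
    return {"only_in_zip": sorted(set(z) - set(t)),
            "only_in_tar": sorted(set(t) - set(z)),
            "modified": sorted(n for n in set(z) & set(t) if z[n] != t[n])}


def build_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


def build_tgz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed release contents (placeholders, not real PostNuke files).
CLEAN = {"PostNuke/install.php": b"<?php // installer\n",
         "PostNuke/index.php": b"<?php // front page\n"}
TAMPERED = dict(CLEAN, **{"PostNuke/install.php": b"<?php // installer (altered)\n",
                          "PostNuke/extra.php": b"<?php // unexpected file\n"})
```

Running `compare_releases(build_zip(TAMPERED), build_tgz(CLEAN))` lists the altered installer under "modified" and the extra file under "only_in_zip".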
New Google Desktop Exploit Discovered
Another vulnerability in the Google Desktop search application has been discovered, similar to but separate from the ones discovered by Jim Ley and Netcraft. The discovery was made by Salvatore Aranzulla, an Italian journalist. The flaw allows attackers to target users of the Google Desktop application and modify the contents of search pages by injecting scripts located on external servers. Such cross-site scripting attacks provide attackers with a means of obtaining information under the guise of a reputable domain.
Aranzulla has published details about the new vulnerability on his web site, where he includes some example exploits (Italian). He claims that inexperienced users may be susceptible to phishing attacks like these, while more experienced users may become suspicious due to the long URLs that are typically involved in exploiting cross-site scripting vulnerabilities.
Deceptive domain attacks launched against customers of Wells Fargo, Paypal, AOL, … even Red Hat
A second fraudulent electronic mail targeting Red Hat Linux users has emerged, this time using a deceptive domain, fedora-redhat.com. The new wrinkle reflects a common trend in phishing scams, in which an initial attack is refined over time, becoming more convincing and plausible with each enhancement.
Detail-oriented Red Hat users on /. have had a field day ridiculing the grammar and spelling mistakes in the mail (Red Hat was spelled as one word) and listing numerous inconsistencies between the attack code and standard Red Hat update practices.
However, the Red Hat and /. communities are progressively diverging, and the mail will have reached some people with Red Hat systems who are much less cautious and observant than the traditional Linux community.
The new scam, which follows on a similar attack over the weekend, uses a domain, fedora-redhat.com, which might plausibly belong to Red Hat. While many phishing attacks rely on obfuscated URLs to deceive recipients, a growing number of scams are registering look-alike domains to snare users. The fedora-redhat.com domain was registered on Saturday through Yahoo, which offers domains for $9.95.
Similarly, over the weekend Wells Fargo customers were targeted with a mail leading to a site in the domain wellzfargo.com, while other recent attacks have involved the domains my-paypal.com and errorbillingaol.com.
The trend illustrates the importance of defending domain names with business value: avoid using multiple domains for bona fide business, and monitor the status of derivations of those names. Symmetrically, for the targets of phishing scams the registration or deployment of such a domain can be a useful early warning of a fraud attack, and prompt action at that stage can pre-empt the fraud.
Netcraft's fraud detection service can alert on domain registrations such as those used in the four scams above within 24 hours.
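The monitoring of brand derivations recommended above can be started with a simple check over a feed of new registrations. This is an added example, not Netcraft's service or code; the brand list and the registration feed are constructed, and the four scam domains in the feed are the ones named in this item.

```python
# Brand labels to protect (constructed list for this example).
BRANDS = {"wellsfargo": "Wells Fargo", "paypal": "PayPal",
          "aol": "AOL", "redhat": "Red Hat"}


def edit_distance(a, b):
    """Levenshtein distance; catches one-character swaps such as wellz/wells."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """'www.my-paypal.com' -> 'my-paypal' (naive second-level label split)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain):
    """Return (brand, reason) if the domain looks like a brand derivative, else None."""
    label = registrable_label(domain)
    compact = label.replace("-", "")
    for key, name in BRANDS.items():
        if compact == key:
            return None  # the brand's own label, not a look-alike
        if key in label:  # brand embedded with prefixes, suffixes or hyphens
            return (name, "contains brand")
        # Near miss; limited to longer brands to keep false positives down.
        if len(key) >= 6 and edit_distance(compact, key) == 1:
            return (name, "one edit from brand")
    return None


def check_feed(domains):
    """Map each suspicious domain in a registration feed to its finding."""
    return {d: classify(d) for d in domains if classify(d)}


# Constructed registration feed; the first four are the domains named above.
NEW_REGISTRATIONS = ["fedora-redhat.com", "wellzfargo.com", "my-paypal.com",
                     "errorbillingaol.com", "paypal.com", "example.org"]

if __name__ == "__main__":
    for domain, finding in check_feed(NEW_REGISTRATIONS).items():
        print(domain, "->", finding)
```

Substring matching on a three-letter brand such as "aol" will over-trigger in a real feed; in practice the short brands need an allow-list or a stricter rule.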