Dedicated hosting company Layered Technologies is advising customers to reset account logins after an incident Monday night in which hackers were able to access a client support database. Layered Tech said it doesn't believe that any customer credit card numbers were compromised, but is nonetheless advising customers to change the login credentials on all their servers and underlying services created in the past two years, including webmail, SSH access, MySQL databases and cPanel reseller control panels.
"The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for 5 to 6,000 of our clients," company president Todd Abrams wrote to customers. "Layered Technologies responded immediately to this specific incident by conducting a comprehensive security audit of internal processes and procedures."
Peer-to-peer networks are being hijacked to launch an increasing number of distributed denial of service (DDoS) attacks on web sites, according to security researchers and network service providers. In these attacks, large numbers of client computers running P2P software are tricked into requesting a file from the intended target of the DDoS, allowing the attacker to use the P2P network to overwhelm the target site with traffic.
Attacks of this type had been discussed in papers by security researchers last year, but began appearing on the Internet in early 2007 and have accelerated in recent weeks, according to Prolexic Technologies, which specializes in DDoS defense. In a May 14 advisory, Prolexic reported an increase in the number and frequency of attacks. "The rash of large P2P attacks we have seen in the last month is a perfect example of how the DDoS problem constantly evolves," said Darren Rennick, CEO of Prolexic. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack. We now see them constantly being subverted."
The company said as many as 100,000 machines had been used in some of the attacks. The peer-to-peer DDoSes may be attractive to attackers, as they don't require the use of an existing "botnet" of compromised computers.
The U.S. Department of Defense has begun blocking access to MySpace and YouTube on its network, citing security concerns and the need to prevent the network from being slowed by video traffic. "This is a bandwidth and network management issue," Julie Ziegenhorn, spokeswoman for U.S. Strategic Command, told Stars & Stripes. "We’ve got to have the networks open to do our mission. They have to be reliable, timely and secure."
Many troops stationed overseas use the DoD network to access the Internet, but some others use local providers. Ziegenhorn said the sites were becoming "a drain on the system," but the Stars & Stripes story also mentions security several times. MySpace has been a regular target of phishing scams seeking to steal account credentials. MySpace accounts themselves are of limited value, but can serve as a delivery mechanism for keylogging trojans, capturing home computers that may be used for shopping or online banking as well as social networking. Keylogging trojans would be problematic on computers on a secure military network.
Microsoft's latest security updates include a patch for a security hole in Microsoft Content Management Server (MCMS) discovered by Netcraft's Martyn Tovey. Microsoft update MS07-18 addresses two issues in MCMS, including a cross-site scripting and spoofing vulnerability that was reported to Microsoft by Netcraft.
"The vulnerability could allow the injection of a client-side script in the user's browser," Microsoft notes in its summary. "In a Web-based attack scenario a compromised Web site could accept or host user-provided content or advertisements which could contain specially crafted content that could exploit this vulnerability. The script could take any action on the user's behalf that the Web site is authorized to take. This could include monitoring the Web session and forwarding information to a third party, running other code on the user's system, and reading or writing cookies."
Microsoft Content Management Server allows developers to build complex web sites atop the .NET framework, and is typically used to manage enterprise portals and e-commerce sites. Many of the functions of MCMS 2002 have been integrated into the Office SharePoint Server 2007 product. MCMS continues to be widely used, and was found on more than 5,000 sites last year.
Netcraft provides a Web Application Testing service that rigorously tests the defenses of Internet networks and applications. It is part of the Audited by Netcraft service, which provides a range of advanced Internet security tests.
A recent distribution of the popular blogging software WordPress was compromised during a server intrusion, the development team said late Friday. All WordPress users who have downloaded and installed version 2.1.1 are urged to immediately upgrade to version 2.1.2. Earlier versions of WordPress are not affected.
"This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress," developer Matt Mullenweg wrote on the WordPress blog. "The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened. It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. ... They modified two files in WP to include code that would allow for remote PHP execution."
Netcraft's January phishing site competition saw the number of blocked phishing sites increase by a further 153,000, in contrast to last month's phenomenal rise of 277,000. Live progress of the latest competition can be tracked via the phishing site reporters list.
To continue showing our appreciation to the community, Netcraft will be sending a top of the range black 80GB iPod video to the five people who had the largest number of phishing reports accepted last month.
January's winners are: Abused, ER, Fully, cristal and Martin. Many thanks for your efforts! Each phishing site that is reported vastly reduces the number of victims falling prey to fraudulent activity on the Web. Netcraft has now received, reviewed and blocked more than 820,000 unique URLs reported to us as phishing sites.
A vulnerability in Adobe Reader was discovered early in January, which made sites that hosted PDF files vulnerable to cross-site scripting attacks. Adobe recommends that users upgrade to the latest version of Adobe Reader to protect themselves against this kind of attack, but it is worth noting that the Netcraft Toolbar automatically protects users against cross-site scripting attacks of the kind typically employed by Internet fraudsters.
The Netcraft Toolbar, which is available for both Internet Explorer and Firefox, serves as a giant neighborhood watch scheme for the Internet: members who encounter a phishing fraud can act to defend the larger community of users against the attack. Once the first recipients of a phishing mail have reported the target URL, it is blocked for toolbar users who subsequently access the URL, so widely disseminated attacks simply mean that the phishing attack will be reported and blocked sooner.