Security Holes in WordPress Blogging Tool

Security vulnerabilities have been found in WordPress, the popular PHP-based open source blogging application. Some scripts in WordPress are not properly validated, leaving the program open to cross-site scripting (XSS) attacks in which third parties could insert content into a WordPress-driven site.

WordPress has grown in popularity in recent months, emerging as a leading free alternative to Movable Type, which alienated many users with new licensing terms. The vulnerability could allow hackers to create a URL that generates pages in WordPress from content created by the hacker, rather than the site owner. An unsuspecting user following such a link would be sent to the trusted WordPress-based site, but encounter fake content that could include a range of exploits, such as links that infect their computers with spyware or trojans.

Continue reading

Phishers Manipulate SunTrust Site to Steal Data

A new phishing attack alters the SunTrust Bank web site, allowing fraudsters to collect customer authentication details using the bank's own site. The attack inserts a form into a frameset within the investor relations area of the SunTrust web site, giving the outward appearance that it is part of the bank's official site.

The spoofed page includes a form and asks the user to provide their Social Security number, ATM card number, ATM password/PIN, and the last four digits of their Suntrust account. The "bait" in this phishing scam is an email with the subject "SunTrust Bank - Suspicious Activity Suspected" with a spoofed return address of "services@suntrust.com." The mail tells SunTrust customers that "your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information." The mail includes a link to the investor relations page of the SunTrust site, which is manipulated to insert the spoofed page from a remote server at the IP address 194.47.244.145, located at Lund University in Sweden.

Continue reading

Authorize.net Says New Defenses Stymie DDoS Attack

Authorize.net, which handles credit card transactions for online merchants, says new defensive measures have helped deflect a persistent distributed denial of service (DDoS) attack that caused sporadic outages last week.

Authorize.net "successfully installed industry leading solutions designed to negate the impact of (DDoS) attacks," the company said over the weekend. "These installations are successfully thwarting a current and sustained attack with no DDoS-related degradation to our service whatsoever."

Authorize.net Site Performance

Continue reading

Consolidation Hits Web Site Payment Processors

It's been a turbulent month for companies offering credit card processing for web site operators. PaySystems discontinued its third-party transaction processing service Aug. 16, and last week Authorize.net's operations were disrupted by a distributed denial of service (DDoS) attack.

Now the status of online payment processor iBill is in flux after its acquisition by Care Concepts Inc. was rescinded. Both Care Concepts and the seller, Penthouse International, say they hope to complete the deal at a future date.

Payment processing services allow web site owners to accept credit cards without a merchant account, offering to process transactions for third parties for a fee. The growth of third-party processors opened the e-commerce market to smaller companies, especially web hosting resellers and operators of adult sites.

Continue reading

JPEG Exploit Attempt Sent to Newsgroups

A JPEG image that tries to use a Windows security hole to seize control of an Internet user's computer has been released to Usenet newsgroups, according to a post on the BugTraq mailing list.

Security groups are split on whether the image succeeds in its attempt, but most agree that the incident is a precursor to a more ambitious exploit with improved code. Others maintain that fears of a "JPEG of Death" wreaking havoc on the Internet are overdone, even as reports emerge that the vulnerability in Microsoft's Graphic Device Interface (GDI) is showing up in numerous non-Microsoft applications.

The malicious JPEG was sent to several Usenet newsgroups that post pornographic images. Some security researchers say early tests show the exploit crashes Windows XP machines when it is opened, but stops short of compromising computers. But maintainers of EasyNews, a web-based interface for reading Usenet, say the image installs a trojan. "Once this JPEG overflowed GDI+, it phoned home, connected to an ftp site and downloaded almost 2 megs of stuff," according to a message from EasyNews. "It installs a trojan that installs itself as a service."

Continue reading

As More Exploits Emerge, Security Groups Prep for JPEG Attack

The Internet security community is preparing for a working virus or worm attack based on the Microsoft JPEG exploit revealed last week. Several samples of working exploit code have been published on security web sites and mailing lists, and antivirus vendors have quickly updated their products to defend against the attacks.

The critical security hole allows a remote attacker to create a JPEG image that, when viewed in Microsoft software programs, could allow the hacker to gain control of the computer. The flaw was revealed by Microsoft Sept. 14, along with a security update that addresses it. Code that partially exploits the flaw was published last week, and has been rapidly developed into code that could be used in a virus or worm.

The latest exploit, published this morning on the Full Disclosure mailing list, claims to be able to create an administrator-level account on Windows machines. Another published exploit reported by AusCERT allows the excution of code on the remote machine.

Continue reading