Wordpress has grown in popularity in recent months, emerging as a leading free alternative to Movable Type, which alienated many users with new licensing terms. The vulnerability could allow hackers to create a URL that generates pages in WordPress from content created by the hacker, rather than the site owner. An unsuspecting user following such a link would be sent to the trusted WordPress-based site, but encounter fake content that could include a range of exploits, such as links that infect their computers with spyware or trojans.
The spoofed page includes a form and asks the user to provide their Social Security number, ATM card number, ATM password/PIN, and the last four digits of their Suntrust account. The "bait" in this phishing scam is an email with the subject "SunTrust Bank - Suspicious Activity Suspected" with a spoofed return address of "firstname.lastname@example.org." The mail tells SunTrust customers that "your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information." The mail includes a link to the investor relations page of the SunTrust site, which is manipulated to insert the spoofed page from a remote server at the IP address 22.214.171.124, located at Lund University in Sweden.
Authorize.net "successfully installed industry leading solutions designed to negate the impact of (DDoS) attacks," the company said over the weekend. "These installations are successfully thwarting a current and sustained attack with no DDoS-related degradation to our service whatsoever."
Posted by Rich Miller in Performance
It's been a turbulent month for companies offering credit card processing for web site operators. PaySystems discontinued its third-party transaction processing service Aug. 16, and last week Authorize.net's operations were disrupted by a distributed denial of service (DDoS) attack.
Now the status of online payment processor iBill is in flux after its acquisition by Care Concepts Inc. was rescinded. Both Care Concepts and the seller, Penthouse International, say they hope to complete the deal at a future date.
Payment processing services allow web site owners to accept credit cards without a merchant account, offering to process transactions for third parties for a fee. The growth of third-party processors opened the e-commerce market to smaller companies, especially web hosting resellers and operators of adult sites.
Posted by Rich Miller in Hosting
Security groups are split on whether the image succeeds in its attempt, but most agree that the incident is a precursor to a more ambitious exploit with improved code. Others maintain that fears of a "JPEG of Death" wreaking havoc on the Internet are overdone, even as reports emerge that the vulnerability in Microsoft's Graphic Device Interface (GDI) is showing up in numerous non-Microsoft applications.
The malicious JPEG was sent to several Usenet newsgroups that post pornographic images. Some security researchers say early tests show the exploit crashes Windows XP machines when it is opened, but stops short of compromising computers. But maintainers of EasyNews, a web-based interface for reading Usenet, say the image installs a trojan. "Once this JPEG overflowed GDI+, it phoned home, connected to an ftp site and downloaded almost 2 megs of stuff," according to a message from EasyNews. "It installs a trojan that installs itself as a service."
The critical security hole allows a remote attacker to create a JPEG image that, when viewed in Microsoft software programs, could allow the hacker to gain control of the computer. The flaw was revealed by Microsoft Sept. 14, along with a security update that addresses it. Code that partially exploits the flaw was published last week, and has been rapidly developed into code that could be used in a virus or worm.
The latest exploit, published this morning on the Full Disclosure mailing list, claims to be able to create an administrator-level account on Windows machines. Another published exploit reported by AusCERT allows the excution of code on the remote machine.
Your link here? Advertising on the Netcraft Blog