www.knoppix-std.org had an iframe that loaded a WMF for a while last Saturday (I believe, might have been Sunday). Does that count? It certainly isn't a porn site.
--Jim

On or about Fri, 6 Jan 2006, Brady McClenon pontificated thusly:

> What about them? All may be possible, but my question remains. Have we
> seen this, or is it just theory? And, is the server hosting the forum
> truly infected/compromised? It's like saying a snake is infected with
> its own venom.
>
> Also, I dismiss any findings on porn sites. 90% of people that frequent
> porn sites would install the same compromise if it came with a EULA they
> had to agree to before installation. You don't need to dupe porn fiends
> into doing anything; just making it stand between them and their porn is
> enough. Might seem harsh, but does anyone truly disagree? :)
>
> One last rant... I'm tired of hearing in the media that file indexers
> like Google Desktop can cause a compromise through the WMF exploit. It
> only indexes what is ALREADY on your hard drive. How did it get there
> to begin with?!? Obviously the user interacted with it at some point in
> the past in order to put it there. The exploit would have occurred at
> that point, not when the file indexer finds it later!
>
> > -----Original Message-----
> > From: Socrates [mailto:[EMAIL PROTECTED]
> > Sent: Friday, January 06, 2006 2:13 PM
> > To: Brady McClenon
> > Cc: Drew Simonis; Thor (Hammer of God); Erin Carroll;
> > [email protected]; Larry Seltzer; [email protected]
> > Subject: Re: New article on SecurityFocus
> >
> > What about a trojaned avatar for your username in a forum? How about a
> > malicious iframe inclusion in HTML-enabled forums?
> >
> > Brady McClenon wrote:
> > > Just curious. I hear media reports and people saying that there are
> > > hundreds or thousands of compromised web sites from this, but I have to ask
> > > where these numbers come from. Where is this data, or is it pure
> > > speculation? I'm also curious how one could compromise a web server
> > > with this exploit. Putting files on a web server to dole out and
> > > compromise other computers I can see, but is the web server really
> > > compromised in this case? If so, was it by way of the WMF exploit?
> > >
> > > One last question: Has anyone here experienced, or does anyone know
> > > anyone that has had, a "legitimate" web server compromised (or serving
> > > out) by the WMF exploit? I'm trying to determine if there are those with
> > > actual knowledge that the sky is indeed falling, or if we are all
> > > shaking over unsubstantiated media hype.
> > >
> > >>-----Original Message-----
> > >>From: Drew Simonis [mailto:[EMAIL PROTECTED]
> > >>Sent: Friday, January 06, 2006 10:22 AM
> > >>To: Thor (Hammer of God); Erin Carroll; [email protected]
> > >>Cc: Larry Seltzer; [email protected]
> > >>Subject: Re: New article on SecurityFocus
> > >>
> > >>>Overall, I think the community's coverage of WMF has been delivered
> > >>>with an ounce of perception, and a pound of obscurity. It's almost
> > >>>as if people *want* it to be worse than it is. I'm not surprised,
> > >>>of course. But regardless, my call is that we'll see a little
> > >>>activity here and there, the patch will come out, most will install
> > >>>it (or have it installed automatically) and the whole issue will
> > >>>fade away. But that's all.
> > >>>
> > >>>We'll know for sure shortly, either way.
> > >>
> > >>Thor,
> > >>I think your path of thought is stuck a bit in the past.
> > >>Worms are neat as a technical exercise, but we see more and
> > >>more that the attackers are increasingly aware of the value
> > >>of these vulnerabilities from a financial perspective, not
> > >>merely for notoriety. As such, it benefits the attacker to
> > >>have a less subtle attack, one that does not sensationalize
> > >>the vulnerability. Complacency is their ally.
> > >>
> > >>That said, there are already numerous (hundreds+)
> > >>"legitimate" web sites that have been compromised and had
> > >>exploit images injected into their content. There are also
> > >>already hundreds of thousands of machines that have been
> > >>infected with Trojans or bots. These infected machines will
> > >>patch, but they won't be safe, and the problem gets worse.
> > >>
> > >>So no, there won't be some catastrophic worm event. But I
> > >>posit that what there will be could be much worse.
> > >
> > > ------------------------------------------------------------------------------
> > > Audit your website security with Acunetix Web Vulnerability Scanner:
> > >
> > > Hackers are concentrating their efforts on attacking applications on your
> > > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> > > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> > > futile against web application hacking. Check your website for vulnerabilities
> > > to SQL injection, Cross site scripting and other web attacks before hackers do!
> > > Download Trial at:
> > >
> > > http://www.securityfocus.com/sponsor/pen-test_050831
> > > -------------------------------------------------------------------------------
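The two delivery vectors the thread turns on are an injected iframe that pulls a WMF into an otherwise legitimate page (Jim's observation about www.knoppix-std.org) and a WMF smuggled in as a forum avatar (Socrates' suggestion). The following is an added example, not code posted by anyone in this thread, showing how a page or an upload can be checked for either. It makes two assumptions worth stating: the sample HTML and the sample bytes are constructed for the demonstration (the hostname `example.invalid` is reserved and never resolves), and the header constants are taken from the WMF file format, i.e. the placeable-header magic 0x9AC6CDD7 and the standard header's FileType (1 or 2) followed by HeaderSize 9. The byte sniff is there because a page author cannot rely on the `.wmf` extension: nothing forces an attacker to name the file that way, and a forum avatar will carry whatever name the uploader chose.

```python
"""Flag WMF delivery in HTML (injected/hidden iframes, .wmf sources) and in raw bytes.

Added example for the discussion above; not code from any poster.
Sample inputs below are constructed, not captured from a real site.
"""
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a legitimate-looking page with two injected frames.
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" alt="logo">
<iframe src="http://example.invalid/x.wmf" width="0" height="0"></iframe>
<p>Download our latest ISO below.</p>
<iframe src="http://example.invalid/ad.html" style="display: none"></iframe>
<iframe src="/forum/embed.html" width="400" height="200"></iframe>
</body></html>
"""

# WMF format constants (assumed from the file format, not from the thread).
WMF_PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"          # 0x9AC6CDD7, little-endian
WMF_STANDARD_HEADERS = (b"\x01\x00\x09\x00",         # FileType=1 (memory), HeaderSize=9
                        b"\x02\x00\x09\x00")         # FileType=2 (disk),   HeaderSize=9


@dataclass
class Finding:
    tag: str
    src: str
    reason: str


def looks_like_wmf_url(src: str) -> bool:
    """True when the URL path itself ends in .wmf (query string ignored)."""
    return urlparse(src.strip()).path.lower().endswith(".wmf")


def is_hidden(attrs: dict) -> bool:
    """Zero-sized or CSS-hidden element: the usual shape of an injected frame."""
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().lower().rstrip("px")
        if value.isdigit() and int(value) == 0:
            return True
    style = attrs.get("style", "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


class WmfDeliveryScanner(HTMLParser):
    """Collects tags that could fetch a WMF into the page."""
    SRC_TAGS = {"iframe", "frame", "img", "embed", "object"}

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[Finding] = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.SRC_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}       # HTMLParser lower-cases names
        src = a.get("src") or a.get("data") or ""
        reasons = []
        if looks_like_wmf_url(src):
            reasons.append("src references a .wmf resource")
        if tag in ("iframe", "frame") and is_hidden(a):
            reasons.append("iframe hidden or zero-sized")
        if reasons:
            self.findings.append(Finding(tag, src, "; ".join(reasons)))


def scan_html(html: str) -> list[Finding]:
    """Return every iframe/image-like tag that looks like a WMF delivery point."""
    scanner = WmfDeliveryScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def sniff_wmf(data: bytes) -> bool:
    """Content-based check for an upload or fetched body, extension ignored."""
    return data.startswith(WMF_PLACEABLE_MAGIC) or data[:4] in WMF_STANDARD_HEADERS


if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f"{f.tag:6} {f.src:40} {f.reason}")
    # Constructed avatar bodies: a placeable WMF, a bare WMF header, and a GIF.
    for name, body in (("avatar1", WMF_PLACEABLE_MAGIC + bytes(18)),
                       ("avatar2", b"\x01\x00\x09\x00\x00\x03"),
                       ("avatar3", b"GIF89a")):
        print(name, "WMF" if sniff_wmf(body) else "not WMF")
```

Run against the constructed page it reports the zero-sized `.wmf` iframe and the `display:none` iframe and stays quiet about the logo and the visible frame; a hidden iframe with a harmless `src` still gets reported, because the frame's destination can be changed server-side after the fact, and the frame itself is the indicator. For the avatar case, run `sniff_wmf` on the uploaded bytes at upload time and on whatever the forum already serves.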
