If you use the WordPress blogging software, make sure you are not running the backdoored version. The security announcement is below; the top mail is some commentary on the exploit.

-------- Original Message --------
Subject:        Re: [Webappsec] [WEB SECURITY] Wordpress website hacked,
wordpress backdoored
Date:   Sat, 3 Mar 2007 21:29:55 +0000
From:   Dinis Cruz <[EMAIL PROTECTED]>
To:     [EMAIL PROTECTED] <[EMAIL PROTECTED]>, webappsec @
OWASP <[EMAIL PROTECTED]>, Secure Coding
<SC-L@securecoding.org>, [EMAIL PROTECTED]
CC:     [EMAIL PROTECTED]
References:     <[EMAIL PROTECTED]>



nice, the business model is evolving.

But this is still a very 'inefficient' attack since:

 a) the final binaries were the ones infected (very easy to detect
(imagine if the infected code was actually from 'real' SVN source code
and made from a 'trusted' developer))
 b) by the speed this was detected the exploit (and the blog page didn't
give a lot of details about it) must have been a very 'HEY I AM A
BACKDOOR!!!!' kind of code.  A real exploit would be one that (using a
.NET example) used a type confusion attack to insert a buffer overflow
on a remotely accessible method (which would be inserted in day X and
only used a couple months later).

but it's evolving.....

Can everybody that writes code and has a Browser window open under the
same user account (even if non admin) raise their hand? ... nice so many
hands (including mine).... guess what, if your browser is 0wned, so will
be your code..

And OWASP uses WordPress (although Mike tells me that we were not
affected) for our blogs (blogs.owasp.org <http://blogs.owasp.org>), nice :)

I am still waiting for the day that we will be maliciously hacked for
commercial reasons since that will be another step in the evolution of
the malicious guy's business model

Dinis in San Jose




---------- Forwarded message ----------
From: [EMAIL PROTECTED]
Date: Mar 3, 2007 6:29 PM
Subject: [WEB SECURITY] Wordpress website hacked, wordpress backdoored
To: [EMAIL PROTECTED]

The WordPress development team has posted an announcement that the
download server had been hacked, and WordPress 2.1.1 had a backdoor
included in it allowing for remote code execution.

URL: http://wordpress.org/development/2007/03/upgrade-212/

- Robert
http://www.cgisecurity.com/ Web Security news, and more
http://www.cgisecurity.com/index.rss [Subscribe to Security news]




--
raj shekhar
facts: http://rajshekhar.net | opinions: http://rajshekhar.net/blog
I dare do all that may become a man; Who dares do more is none.
_______________________________________________
Webappsec mailing list
[EMAIL PROTECTED]
http://lists.owasp.org/mailman/listinfo/webappsec

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
