27 March 2011

MySQL.com compromised | Sucuri

MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the full disclosure list explaining the issue and dumping part of their internal database structure.

Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web

So their customer view application was used as the entry point, where the attackers were able to list the internal databases, tables and password dump…
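As an added illustration of the pattern the disclosure describes (not Sucuri's code and not MySQL.com's application, which ran PHP on MySQL), the following Python uses an in-memory sqlite3 table so it runs offline; the injection mechanics are the same for any SQL backend. It shows the vulnerable "paste the id parameter into the query" form beside a hardened form that validates and binds the value, and a small access-log check a defender can run to spot non-numeric `id` values on the `/customers/view/index.html` path. The table rows, log lines and client addresses are constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample data; this is not MySQL.com's schema or content.
SAMPLE_ROWS = [
    (1170, "Example Customer A"),
    (1171, "Example Customer B"),
]

# Constructed Apache-style access-log lines (documentation-range client IPs).
ACCESS_LOG = [
    '192.0.2.10 - - [27/Mar/2011:10:15:02 +0000] "GET /customers/view/index.html?id=1170 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [27/Mar/2011:10:15:09 +0000] "GET /customers/view/index.html?id=1170+AND+1%3D2 HTTP/1.1" 200 3014',
    '192.0.2.22 - - [27/Mar/2011:10:16:40 +0000] "GET /customers/view/index.html?id=1171 HTTP/1.1" 200 5098',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def make_db() -> sqlite3.Connection:
    """Build the in-memory customers table so the example needs no server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def view_customer_unsafe(conn: sqlite3.Connection, id_param: str) -> list:
    """Vulnerable pattern: the raw ?id= value becomes part of the SQL text.

    Anything appended to the number is evaluated as SQL. Because the page
    only reveals whether a row came back, the database answers true/false
    questions one at a time; that is the 'blind' in blind SQL injection.
    """
    sql = f"SELECT id, name FROM customers WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def view_customer_safe(conn: sqlite3.Connection, id_param: str) -> list:
    """Hardened pattern: enforce the expected type, then bind as a parameter.

    The bound value is sent separately from the query text, so it can never
    be interpreted as SQL, and the type check rejects anything that is not a
    plain integer before it reaches the database at all.
    """
    if not id_param.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, name FROM customers WHERE id = ?"
    return conn.execute(sql, (int(id_param),)).fetchall()


def suspicious_requests(lines) -> list:
    """Defender's log check: flag requests whose id parameter is not a plain
    integer. parse_qs decodes '+' and %xx escapes, so encoded payloads are
    compared in their decoded form."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)
        for value in query.get("id", []):
            if not value.strip().isdigit():
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal id:", view_customer_unsafe(db, "1170"))
    print("unsafe, appended condition:", view_customer_unsafe(db, "1170 AND 1=2"))
    print("safe, normal id:", view_customer_safe(db, "1170"))
    try:
        view_customer_safe(db, "1170 AND 1=2")
    except ValueError as exc:
        print("safe, appended condition rejected:", exc)
    for hit in suspicious_requests(ACCESS_LOG):
        print("suspicious:", hit)
```

The unsafe function returns a row for `1170` and nothing for `1170 AND 1=2`; that difference in page behaviour is the oracle a blind injection relies on, and it disappears entirely in the safe version because the input is rejected before any query runs. The log check is deliberately narrow (one parameter, one type) so it produces few false positives; on a real site it belongs in whatever request-logging or WAF layer already sees the query string.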

What is worse is that they also posted the password dump online and some people started to crack it already. Some of the findings are pretty bad, like that the password used by the MySQL director of product management is only 4 numbers (6661).
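Two of the lessons in that paragraph, that a leaked dump should not be quickly crackable and that a four-digit numeric password should never be accepted, can be shown in code. The following Python is an added example, not Sucuri's code and not a description of how MySQL.com stored passwords: a fast unsalted hash is shown as the generic weak pattern, beside per-user salted PBKDF2-HMAC-SHA256 via the standard library. The iteration count and the 12-character minimum are values chosen for this example.

```python
import hashlib
import hmac
import os

# Parameters chosen for this example (assumptions, not values from the post).
PBKDF2_ITERATIONS = 600_000  # high enough that each offline guess costs real CPU time
MIN_LENGTH = 12              # policy minimum used by this example's register()


def weak_hash(password: str) -> str:
    """The weak pattern: one fast, unsalted hash per password. Equal passwords
    collide, and every guess against a leaked dump tests all accounts at once."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-user random salt plus a deliberately slow KDF. The algorithm, cost
    and salt are stored with the digest so the cost can be raised later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def password_policy_problems(password: str) -> list:
    """Describe why a candidate password is unacceptable; empty list means OK.
    A digits-only password of length n has only 10**n possibilities."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.isdigit():
        problems.append("digits only")
    return problems


def register(password: str) -> str:
    """Enforce the policy, then return the record to store for the account."""
    problems = password_policy_problems(password)
    if problems:
        raise ValueError("rejected: " + ", ".join(problems))
    return hash_password(password)


if __name__ == "__main__":
    try:
        register("6661")
    except ValueError as exc:
        print(exc)
    record = register("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("6661", record))
```

The record format carries its own parameters, so an operator can raise `PBKDF2_ITERATIONS` for new registrations without invalidating old ones, and `verify_password` refuses malformed or foreign-algorithm records rather than guessing.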

We will post more details as we learn more about it.




Full Disclosure: MySQL.com Vulnerable To Blind SQL Injection Vulnerability


09 March 2011

Facebook Is AOLifying the Internet—and That Sucks

By Sam Biddle

When an entire generation of computer users first poked our doe-eyed faces onto a young internet, many of us were greeted with a single, encompassing, monolithic face peering back: the AOL Home Screen. To call it a young internet isn't even fair—it was a mature, thriving AOL. It was ubiquitous, it was powerful, it was everything—and it ended up destroying itself, too flawed by design to last. And someone's trying to rebuild the Death Star.

How do we know nobody's learned shit since the days of the 56k Hindenburg? News like Warner Bros' decision to rent movies—starting with The Dark Knight—directly through Facebook. News like Rovio putting Angry Birds onto perhaps the only platform other than my dead grandfather's typewriter that doesn't yet support it—yup, Facebook. Which is just, really, wonderful! If there's one thing the internet is lacking right now, it's yet another fucking place to rent a movie for 48 hours for several bucks or play god damned Angry Birds. And it adds up—Facebook is reaching its tendrils into every single thing we like about the internet, far, far beyond the actual reasons we rolled up to Zuckerberg's site in the first place. IMing? Check. Email? Check. Photo sharing? Check. Apps? Check. Location check-ins? Yup. Twitter ripoff status updates? But of course! What Facebook hasn't stuffed into its maw by its own will, it's given developers plenty of incentive to do so themselves. The consequence? Over a decade after the web portal stopped making sense, Facebook is trying to assemble itself, like some ill-conceived Voltron, into the next.

After AOL began its decade-long implosion, gradually descending out of relevance, the real internet sprang up in the fertile mush that'd been left behind. AOL was hemorrhaging money like a hemophilic boxer, but the rest of us were having too much fun with the tools we'd been introduced to by this collapsing corpse to notice. IMing, emailing, video, websites, games—AOL didn't invent any of these things from thin air, but it brought them all together in one convenient (when you had a dial tone), hideously-90s Mecca. It was easy! It was slow! It was familiar and comforting—and stifling. AOL's vision of the online world was what AOL deemed worthy of its walled topiary garden. It was closed—locked up tight. Integrated tightly, but, in retrospect, really pretty mediocre.

Now, I hear you: Facebook is different from AOL in at least two major ways. We're not saying these two things are exactly the same. Facebook is social, and we believe in a social internet because you can't fake the kind of content and recommendations that come from your friends. That's the engine in Facebook's growth. And secondly, Facebook is far from being as closed as AOL was, since it's a platform other companies can use. AOL didn't have either of those. But Facebook's still mediocre! Even if they're outsourcing a lot of that mediocrity (Dark Knight movie rentals) while keeping some of it in house (All of Facebook's messaging and whatever clones of popular services they're currently building). Even if it's your friends who are spamming you with next generation super pokes.

It's also mediocre, because no company online can be good at everything and so it's always ugly when they try. Which is why the internet is great—we get to choose! Sites specialize! Want a trillion clips of obscura? YouTube! Want gorgeous music videos and mini-docs? Vimeo! Want to stream movies to every box and handset under the sun? Netflix is terrific!

But no. Facebook, realizing it has at least a few daily minutes of the attention of the most attention-impoverished step in our species' history, wants to be everything. It wants to be Netflix, it wants to be your Xbox, it wants to be Foursquare, it wants to be Gmail—Facebook wants to be the internet. Will you let it?

Illustration by Contributing Illustrator Sam Spratt. Become a fan of his Facebook Artist's Page and follow Sam on Twitter

08 March 2011

French Ministry hit by hacker attack, targeting secret G20 plans | Naked Security

The French Ministry of Finance has reportedly confirmed that it has become the victim of an internet attack, targeting documents related to the French presidency of the G20 and international economic affairs.

Paris Match magazine, which broke the story, claims that more than 150 computers at the ministry have been infiltrated by hackers since December, and numerous documents stolen.

Budget Minister Francois Baroin confirmed in a radio interview that an investigation was taking place into the attacks, claiming that it was "probably the first time" that the French government's computer systems had been hit on such a scale. He told Europe-1 that it was documents about the G20 that especially interested the hackers.

France holds the rotating leadership of the G20 this year and is hosting a series of meetings aimed at improving relations among the world's top economies, including the US and China.

No doubt such hacking reports are sending a shiver down the spine of staff who work at the ministry building known to most people as Bercy.

Paris Match report

According to the report, hackers were able to break into the Ministry's computers after emailing a malicious Trojan horse to users. Once the users were fooled into running the dangerous code, the hackers could access the computers remotely via a backdoor.

Inevitably the finger of suspicion is likely to point towards China for the hacking attack, but I think it's dangerous to conclude that a hack was state-endorsed unless there's definitive proof.

The truth is that proving the origin of a hack attack is complicated by the fact that cybercriminals can use compromised PCs owned by innocent people to act as a go-between when trying to break into someone's computer. In other words - yes, a Chinese computer might have tried to connect to yours, but it may be under the control of someone in, say, Great Britain.

We'd be naive to think that the Chinese (and just about every other country around the world) isn't using the internet for its political, commercial and military advantage, but we should be very cautious about making assumptions without having all the proof in front of us.

04 March 2011

Wordpress Denial of Service Attack Also Reveals New Economies of Scale Impacts - Haydn Shaughnessy - Re:thinking Innovation - Forbes

The lessons any business can learn: there is a new kind of scale out there. The historical mix of resources – capital, people, raw materials, knowledge – is giving way to platforms that introduce new economies of scale as well as new vulnerabilities. People continue to speculate about the source of the denial-of-service attack; an emerging view is that it is a pro-government attack from a regime whose protesters are using WordPress to gather support and distribute information. The impact of these new economies of scale, however, is becoming more visible. Platform-based businesses, businesses that enable people (developers, customers, opinion formers) at low cost, are having a huge effect on the world around us.