Probably a 0-Day WordPress 2.3.3 Exploit

Just now Arie asked me whether I knew about the WordPress 2.3.3 Hidden Link Injection or not. Actually I didn't know anything about it before he asked me, because I was going through my seven fcuking days. After a small search, I found out that things are getting more and more interesting.

After reading what Luca posted on his blog and doing some small research, I found out (though I'm not 100% sure) that there might be an automated script (a worm) running out there, targeting outdated WordPress-powered blogs.

To see how many victims there are out there, you can use this Google search keyword. There were 7000 victims (according to unTechy) on 28 March, and there are 3x as many today. You can see how fast the infection is spreading!

I still haven't figured out how they did it, but I am pretty sure that updating your WordPress to the newest version is the easiest way to prevent this attack. I'll do a writeup once I have enough information. So my advice is: upgrade your WordPress and change your password (your password hash might have been stolen) as soon as possible!

Seven Fcuking Days

Last week was one of the most terrible weeks of my life. Everything went so badly. First my car broke down and cost me a bomb, then I had to work OT for 2 weeks continuously. Not enough? Anemia followed up by hitting me, which made me feel very, very terrible.

Just got back from the clinic after having my blood tested. The doctor told me that I was pretty fine (WTF?!? Was he kidding?? :( ), and that the only problem is that I suffer from slight hypotension (low blood pressure) and need more rest. That's why I haven't updated my blog since then.

But well, I hope that all the bad things and this epidemic will be over very soon!!

UserAgent XSS

Once you see the title you might already know what this article is about. Yeah! Injecting some candies into your browser's User-Agent header might launch an XSS attack. Here's how to do it:

Read the rest of this entry »
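As an added example (not code from the original post), here is the kind of sink that makes a User-Agent XSS possible, beside its fix, in PHP: a "recent visitors" widget that prints the header into the page, so whatever a client puts in the header ends up in the HTML. The widget, the sample header and the tamper check are assumptions for illustration.

```php
<?php
// Added example, not code from the original post. A tiny "recent visitors"
// widget that displays the User-Agent of each request. The header is set by
// the client, so it is untrusted input like any other and must be encoded
// for the context it is written into (here: the HTML body).

// Constructed sample, standing in for $_SERVER['HTTP_USER_AGENT'].
$ua = 'Mozilla/5.0 (X11; Linux) "<injected>" Gecko/20080101';

// Vulnerable: the raw header lands in the page markup untouched, so any
// tag or attribute the client smuggled into it becomes part of the DOM.
function render_visitor_vulnerable(string $ua): string {
    return "<li>Browser: $ua</li>";
}

// Hardened: HTML-encode the value (quotes included) right before output.
function render_visitor_safe(string $ua): string {
    $safe = htmlspecialchars($ua, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<li>Browser: $safe</li>";
}

// Detection: a legitimate User-Agent almost never contains angle brackets
// or control characters, and is rarely longer than a few hundred bytes.
// Such requests are worth logging (hex-encoded, so the log is not a sink too).
function looks_tampered(string $ua): bool {
    return strlen($ua) > 512 || preg_match('/[<>\x00-\x1f]/', $ua) === 1;
}

echo render_visitor_vulnerable($ua), "\n";   // markup passes through as-is
echo render_visitor_safe($ua), "\n";         // encoded, rendered as literal text
if (looks_tampered($ua)) {
    error_log('suspicious User-Agent: ' . bin2hex($ua));
}
```

The same rule applies to any other client-controlled header (Referer, X-Forwarded-For) that a stats or log-viewer page renders.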

Trojans on Yahoo! Mail

The picture below is from one of RSnake's blog visitors. Something happened when he was viewing his emails on Yahoo! Mail: Avast Anti-Virus popped up a trojan horse warning while he was simply reading his mail. Using paid ads to spread trojan horses is becoming a trend. You can call them "Paid to Spread" trojans. Here is the screenshot taken from RSnake's blog:

Trojan on Yahoo Mail (Rogue iFrame Trojan)

This hack has hit Facebook before. But I think this kind of thing may be the beginning of an epidemic. This may be one of the reasons why you cannot trust third-party JavaScript on your site, and that includes advertisements.

Zero Day phpBB3 Board Exploit [XSS via PM]

Zero Day phpBB3 Exploit (XSS via PM). Content temporarily removed~

Thanks,

Zoiz

Common Bad Habits of a Professional Web Developer

If you are a web developer, then you must read this. This time I won't talk about any critical vulnerabilities or exploits in a system, CMS, etc. Let's talk about a bad habit of web developers / webmasters themselves: a bad habit that will get them mass owned.

The problem lies with a password, a default password. Yes, the default password problem does exist on custom CMSes! If you are still confused about what I am talking about, I'll give a REAL LIFE case, but of course I will not mention the vulnerable sites. I'll use an example site name instead.

Here's how the story goes: Read the rest of this entry »

Jokes From Register.net.id

This is what I got when I requested a password reset. See Password Tip No. 4! It says: "Keep it in a safe place". Lawl

Dear <censored>,

Here is your password, as you requested:

Username: <censored>
Password: <censored>

To log in to the Indonesian Domain Management System, click the site address below.

https://register.net.id

If that doesn't work, or the address cannot be clicked, please copy the address into the address bar of your web browser.

Password Tips:

1. Use a password that is easy to remember but not easy to guess.
2. The password should be at least 6 characters long.
3. Combine letters with numbers.
4. Keep it in a safe place.

Thank you for using the Indonesian Domain Management System.

Sincerely,

.ID Domain Registry – PANDI