Social Media Security

Saturday, 29 November 2008

Wordpress Upgrades to 2.6.5

A reminder to all you Wordpress users...make sure you update to version 2.6.5. From the Wordpress Blog:

"The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package. 2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests.

...note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4."
If you get something that tells you to install 2.6.4...don't do it! :-)

Monday, 17 November 2008

Analysis of a new Facebook phish

I recently noticed an interesting trend with Facebook. There seems to be an increase in spam, and in particular a new type of phishing attempt has emerged that I have been seeing signs of on many different profiles. While phishing via Facebook is nothing new, this one is a bit different as the victim is not taken to a website that "looks" like a Facebook login page. This phish uses painfully annoying questions and pop-ups to get you to divulge your account information.

Do not go to any of the URLs mentioned in this article! You have been warned!

How does the phish work?
You will get an email or notice a wall post from one of your friends in Facebook. Note that the friend who posted to your wall has either had their account compromised or has genuinely fallen for the scam and sent the links out manually...more on that in a minute.


Initial contact via email notification or wall post (below).

Notice the really bad wording of the following:
"hey has anyone messaged you to let you know your face book pictre is all over ****.com?"
Notice the bad grammar and misspelling? This should be your first clue that this is a phish and you should not check out this domain no matter how curious you are! The bad news is most people will check it out....

Next, a pop-up will appear showing a link to hxxp://rotating -destination.com.


More "enticing" wording for you to click the OK button.

Clicking on this pop-up asks you to enter in the name of your friend, your name and your email.


Next, it takes you to this pop-up asking for your password for "registration".



After entering in your password it asks you how you found the site.


Interestingly, if you click on MySpace or Facebook it says it cannot retrieve your image.


After clicking on a link (they all seem to lead to the same place) you will get to a page that tells you that they can't serve content to Facebook/MySpace.



Clicking the back button brings up another pop-up, and after that you have to participate in an online "quiz". It's in a frame and really looks more like the ads you see online (click on the monkey, etc). This is the part that will generate ad revenue for the phisher.



After the quiz you get to a screen which says that you have an image waiting for you and gives you a link to click.


Clicking on the link takes you to a site with a picture of a monkey and plays the sound of someone laughing...nice.



Finally, there is a link at the bottom of this picture that takes you to a page telling you how to send this "harmless prank" to your friends....



Not sure if I have seen a phisher actually ask you for help! Makes things even easier for the phish creator. They even tell you to use "regular" email as you don't want Facebook to block you for being a "spammer"...

What's the end result?
The victim who goes to this website and enters in all the information requested will get their Facebook and/or MySpace profile hijacked (probably with an automated login script) and most likely their email compromised as well. Unfortunately, most people use the same password for both social media sites and email so this is a rather serious problem. If you or anyone you know fell victim to this phish, I advise changing your social media and email passwords immediately.

Special thanks to Greg and Tyler for helping out with the detailed analysis of this phish. Greg and Tyler do a ton of great malware analysis and they did some research to help determine if this phish was malware related. While no malicious downloads were detected in this specific instance, Greg mentions the following additional information about this phish:
  • The IP of the first domain is associated with 16 domains that have been related to malware in the past (some serving Zlob trojans and one related to bogus blogs), so don't be surprised if this scam gets more aggressive in the future.
  • The IP is hosted with Oversee.net, which is associated with about 90 instances of malware and rogue software.
  • There is code in the HTML where a 1 pixel x 1 pixel graphic (essentially hidden) would be served up, but that code is commented out. So at some point that graphic might have carried exploit code or perhaps been used to log your IP.
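As an added illustration (not code from the original post or from Greg's analysis), here is a small Python scanner that flags 1x1 images in a page's HTML, including ones that have been commented out like the one described in the last bullet. The HTML sample and the hostnames in it are constructed for the example.

```python
from html.parser import HTMLParser

# Constructed sample: one commented-out pixel, one normal image, one live pixel.
SAMPLE_HTML = """
<html><body>
<p>Your picture is waiting!</p>
<!-- <img src="http://tracker.example/log.gif" width="1" height="1"> -->
<img src="http://cdn.example/monkey.jpg" width="300" height="200">
<img src="http://beacon.example/p.gif" width=1 height=1 style="display:none">
</body></html>
"""


class PixelFinder(HTMLParser):
    """Collects <img> tags sized 1x1, whether live or inside HTML comments."""

    def __init__(self, in_comment=False):
        super().__init__()
        self.in_comment = in_comment
        self.hits = []  # list of (src, "live" | "commented-out")

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        width = (a.get("width") or "").strip()
        height = (a.get("height") or "").strip()
        if width == "1" and height == "1":
            state = "commented-out" if self.in_comment else "live"
            self.hits.append((a.get("src") or "", state))

    def handle_comment(self, data):
        # A pixel that is merely commented out is still worth reporting:
        # it can be re-enabled by whoever controls the page. Re-parse the
        # comment body with a nested parser that knows it is inside a comment.
        inner = PixelFinder(in_comment=True)
        inner.feed(data)
        inner.close()
        self.hits.extend(inner.hits)


def find_tracking_pixels(html):
    """Return [(src, state), ...] for every 1x1 <img> found in the HTML."""
    parser = PixelFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


if __name__ == "__main__":
    for src, state in find_tracking_pixels(SAMPLE_HTML):
        print(f"{state:14s} {src}")
```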
Some thoughts on how not to be a victim
Here are a few things to remember so you don't become a victim of these and other types of scams:
  • Use a different, complex password for each of your accounts. That way if one password gets compromised all your other accounts don't get compromised as well.
  • Even if your friends want you to click on links, be cautious! You never know if their profiles or email accounts have been hacked!
  • Look for bad grammar and misspelled words as your first clue to a phish.
  • Check out the Facebook Privacy & Security Guide which gives you some good tips to follow when using social media websites.

Wednesday, 5 November 2008

Facebook Privacy & Security Guide

Did you know that the default privacy and security settings in most social network websites are designed to share your personal information with as many people as possible? Did you ever stop to think about how valuable your information is to the company that runs your favorite social network website? The more information you share...the more valuable you are. Are you posting too much personal information and could this information be used for things you didn't approve of?

This guide gives you suggested "baseline" privacy and security settings that you can use when configuring your Facebook account. Obviously, you can adjust these settings based on the level of risk you are comfortable with. However, this guide should give you a good starting point. In addition, I have listed five key tips in the guide that you should keep in mind when using any social network.

Why put this guide together?
I have been doing several months of research with my own Facebook account, as well as gathering the input of other Facebook users, to determine what the privacy and security settings should be without losing the key feature of using a social network...the networking! I found that most users of Facebook have no idea that these settings even exist! Privacy and security settings can be easily configured to help limit the amount of personal information that can be shared with just about anyone, even outside your friends list.

Please feel free to distribute this document to friends and family or use it for any security awareness campaigns. I will hopefully be keeping up with any updates to the document when Facebook changes things. I might be putting together a similar document for MySpace. However, MySpace has a long way to go compared with Facebook in regards to privacy and security settings.

You can download the latest version of the guide from my blog here.