Twitter gets hacked with poor passwords

Last week Wired reported Twitter users falling prey to a password brute-force attack. Yes, you read correctly: a password brute-force attack.

Wired:

An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.
The hacker, who goes [...]

DNS dot DDoS Attack targeting the Internet

I was running tcpdump earlier this week when I noticed some odd queries to BlogSecurity’s DNS servers:

$ sudo tcpdump port 53
10:35:29.560870 IP 69.50.142.110.50928 > blogsecurity.domain: 43135+ NS? . (17)
10:35:29.561302 IP blogsecurity.domain > 69.50.142.110.50928: 43135- 13/0/14 NS C.ROOT-SERVERS.NET.,[|domain]
10:35:31.037729 IP 76.9.16.171.10435 > blogsecurity.domain: 58781+ NS? . (17)
10:35:31.038201 IP blogsecurity.domain > 76.9.16.171.10435: 58781- [...]

Server updates currently underway

Please note we are currently doing admin work on the server and DNS records. If you are unable to access the site at one point or another, please try again later.
Thanks,
BlogSec Team

WordPress Security Predictions in 2009

Okay, deep breath: in 2008 we saw Cross-Site Scripting, SQL injection, SQL truncation, cookie generation weaknesses, directory traversal, arbitrary file uploads and Cross-Site Request Forgery attacks, to name a few.

A mouthful, but it made for a very interesting 2008 case study of security developments in a popular open source PHP application.

The WordPress core [...]

WordPress <= 2.6.3 XSS Vulnerability

Jeremias Reith has published an advisory to Bugtraq that includes a proof-of-concept exploit which may allow an unauthenticated attacker access to your blog.

Product affected: WordPress
Version(s):