corenominal

Full stack web developer, interested in all the things, but especially the web, code, design, Linux, OS X, PHP, WordPress, JavaScript & robots.

Tagged: hacking

Quadrilateral Cowboy

Quadrilateral Cowboy is a cyberpunk heist adventure. Tread lightly through security systems with your hacking deck and grey-market tools of the trade.

When you have a top-of-the-line hacking deck armed with a 56.6k modem and a staggering 256k RAM, it means one thing: you answer only to the highest bidder.

I don’t play many games, but this looks fab. I’m looking forward to when it’s released on Linux.

360 million reasons to destroy all passwords

If you think about this for a moment, you’ll realize that your password does not actually matter. The only thing that matters is that you have access to the email address that’s associated with your account.

Thanks to the password reset functionality that every website uses, every website already supports passwordless login — they just don’t call it that.

I’m not sure that password reset systems are as convenient as just entering a password, but maybe that’s the point. The widespread use of passwordless login systems would certainly reduce the problem of users who opt for lazy passwords, such as “password1”, “password2” etc. That said, if the same users were to continue using lazy passwords for their email, they’d still be screwed.

Passwords suck.
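The quoted article's point, that a password-reset email is already a login credential, is worth seeing in code. The following is an added example (not from the quoted article or from this blog) of an email-based login token with the properties a reset link needs anyway: unguessable, stored only as a hash, short-lived and single-use. The store is in-memory and the 15-minute lifetime is an assumption.

```python
"""Email-based passwordless login, modelled on the password-reset flow.

Added example: shows why a reset link is already a login credential and
which properties the token must have (random, hashed at rest, expiring,
single-use). In-memory store and 15-minute TTL are assumptions.
"""
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: a link is valid for 15 minutes


def _digest(token):
    # Only the hash is kept server-side, so a leaked table of pending
    # tokens cannot be turned into usable login links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class MagicLinkStore:
    """Issue and redeem one-shot login tokens (a real deployment would
    persist this in a database; `now` is injectable for testing)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # token digest -> (email, expires_at)

    def issue(self, email):
        email = email.strip().lower()
        # Any earlier outstanding link for this address stops working, so
        # a user never has several live login links in their inbox.
        self._pending = {
            d: entry for d, entry in self._pending.items() if entry[0] != email
        }
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._pending[_digest(token)] = (email, self._now() + TOKEN_TTL_SECONDS)
        return token  # this value goes into the emailed link, never the digest

    def redeem(self, token):
        """Return the email the token was issued for, or None if it is
        unknown, already used or expired. The token is consumed either way."""
        entry = self._pending.pop(_digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._now() > expires_at:
            return None
        return email


def demo():
    """Walk through issue, redeem, replay and expiry with a fake clock.
    Returns (first_redeem, replay_redeem, expired_redeem)."""
    clock = {"t": 1000.0}
    store = MagicLinkStore(now=lambda: clock["t"])

    token = store.issue("Alice@Example.com")
    first = store.redeem(token)      # valid, normalised address
    replay = store.redeem(token)     # same link again: refused

    token2 = store.issue("bob@example.com")
    clock["t"] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem(token2)   # waited too long: refused
    return first, replay, expired


if __name__ == "__main__":
    print(demo())
```

The single-use and expiry checks are what separate a usable passwordless login from the average reset link; without them, anyone who later reads the mailbox can log in, which is exactly the "your password does not actually matter" problem the quote describes.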

What Hackers Do With Compromised WordPress Sites

We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged.

Some interesting stats here. Spoiler alert: I’m not surprised to see “defacing” at no. 1; it’s the classic reason to hack a site, but it’s interesting that “SEO spam” is not too far behind. I guess there is money to be made in the black hat SEO world, so I’d expect it to rank top at some point in the future.

Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause

Mossack Fonseca (MF), the Panamanian law firm at the center of the so-called Panama Papers Breach, may have been breached via a vulnerable version of Revolution Slider. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures. It is the largest data breach to journalists in history, weighing in at 2.6 terabytes and 11.5 million documents.

WordPress, software that just keeps giving :)

How Attackers Gain Access to WordPress Sites

Plugins play a big part in making WordPress as popular as it is today. As of this writing there are 43,719 plugins available for download in the official WordPress plugin directory. That is an incredible selection of plug and play software. But you obviously need to be careful with them, as plugin vulnerabilities represented 55.9% of the known entry points reported by respondents.

Some interesting statistics. I’m not surprised that plugins are at the top of the list, but I am slightly surprised that brute forcing is at no. 2. I imagined themes and plugins would be roughly equal in terms of vulnerabilities.

WordPress Plugin Comes With a Backdoor, Steals Admin Credentials In Cleartext

This backdoor also allows him to download files which add his own admin account to the site, and even alter core WordPress files so every time a user logs in, edits his profile, or a new user account is created, the user’s password is collected (in cleartext) and sent to his server.

This sucks and I feel sorry for anyone who has fallen victim to this. That said, it’s a pretty good reminder for people to run regular audits on all their installed plugins. Note: the plugin has now been removed from the plugin directory.

WordPress exploit led to Linux Mint hack

A comment on the Linux Mint blog indicates that a WordPress exploit was the cause of their recent hack.

I’ll ask this question without knowing the intrinsic details, or any specific details other than what has been posted above: did the breach have anything to do with the fact that you’re running WordPress?

Best wishes and thanks for the heads up.

-k0nsl

Edit by Clem: Yes, the breach was made via WordPress. From there they got a www-data shell.

A later comment sheds a bit more light.

Could you give a detailed description on how they managed to get in via WordPress? I’m curious whether it is a 0-day exploit due to a bug in WordPress core or whether it was caused by plugins that you’re running. If it’s due to a core WordPress bug then every WordPress website out there is in serious trouble.

Edit by Clem: No plugins, latest WP, but a custom theme and lax file permissions for a few hours. The security experts will probably find the exact cause. At the moment there’s no indication it’s related to WP core (we’d probably see a lot more sites being hacked right now, this seems to be targeted specifically at us).

Having recently attended a penetration testing seminar, and noticing how often WordPress was mentioned/targeted, I’m not in the least surprised by this news. Anyhow, I hope Clem shares more details, if and when they become available.
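Clem names "lax file permissions for a few hours" as one of the factors. The check below is an added example (not code from the Linux Mint thread or this blog) of the audit a site owner can run over a web root: it walks the tree and flags anything world-writable, plus PHP files that are group-writable. It builds a small constructed WordPress-like directory layout in a temp dir so it runs stand-alone; the file names and modes are made up for the demonstration.

```python
"""Audit a web root for lax file permissions.

Added example: flags world-writable files and directories, and
group-writable PHP files, under a web root. The sample tree is
constructed in a temp directory; its paths and modes are invented.
"""
import os
import shutil
import stat
import tempfile


def classify(path, mode):
    """Return a finding label for a lax mode, or None if it looks fine."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    # Group-writable uploads are common on shared hosts; group-writable
    # code is not, because the web server's group can then edit it.
    if mode & stat.S_IWGRP and path.endswith(".php"):
        return "group-writable php"
    return None


def find_lax_permissions(root):
    """Return sorted (relative_path, reason) pairs for lax entries under root.
    Symlinks are skipped so the audit reports the link target's real mode
    only once, where it actually lives."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue
            reason = classify(path, mode)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed WordPress-like tree; returns its root path."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    files = {
        "wp-config.php": 0o640,                               # fine
        "index.php": 0o644,                                   # fine
        "wp-content/themes/custom/functions.php": 0o666,      # lax
        "wp-content/plugins/example/example.php": 0o664,      # lax (group-writable code)
        "wp-content/uploads/2016/02/image.jpg": 0o664,        # tolerated
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    tmp_dir = os.path.join(root, "wp-content/uploads/tmp")
    os.makedirs(tmp_dir)
    os.chmod(tmp_dir, 0o777)                                  # lax directory
    return root


def audit_sample():
    """Build the sample tree, audit it, clean up, return the findings."""
    root = build_sample_tree()
    try:
        return find_lax_permissions(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, reason in audit_sample():
        print(f"{reason:20} {rel}")
```

Run against a real install, `find_lax_permissions("/var/www/html")` (path is an assumption) gives the list an owner would want empty after the "few hours" Clem mentions; the group-writable rule is deliberately limited to `.php` so that uploads directories on shared hosts do not drown the report.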

Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Ouch! With Linux Mint at the top of the DistroWatch charts, it would be interesting to know the number of downloads involved.

Mysterious spike in WordPress hacks silently delivers ransomware to visitors

In the past four days, researchers from three separate security firms have reported that a large number of legitimate WordPress sites have been hacked to silently redirect visitors to a series of malicious sites. The attack sites host code from the Nuclear exploit kit that’s available for sale in black markets across the Internet. People who visit the WordPress sites using out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer can then find their computers infected with the Teslacrypt ransomware package, which encrypts user files and demands a hefty ransom for the decryption key needed to restore them.

Nasty. I wonder if it’s just a coincidence that WordPress 4.4.2 was released a few days ago, with details of the exploits it fixed?

Semi-related, my local County Council’s systems were shut down last week due to a ransomware attack. I think the payload was delivered by email, but the result was the same. Apparently, the ransom was $500 in Bitcoin.

$500. WTF!?