Security

Something bad going on with PHP-Fusion

Yesterday, PHP-Fusion announced that someone had hacked into their site and changed the download link for PHP-Fusion Version 7.

Hello all,

We had an issue a few days ago where a malicious person gained access to our site as a super administrator via a weak account/gained password. They apparently changed the download link of PHP-Fusion version 7 to spendspace and it was packaged as a .rar file.

If you downloaded one of these files, please reinstall your entire site using a fresh copy from SourceForge.

While this isn't a good thing, it is a positive that PHP-Fusion disclosed the possibility that the link led to a version of PHP-Fusion that may have been maliciously changed. I can recall a number of other projects (open source and proprietary) that have found their source code made vulnerable by someone intruding into their servers. What is always important to customers in these cases is disclosure and transparency. So far, PHP-Fusion seems to be doing the right thing.

However, as of this Thursday morning, it looks like PHP-Fusion's hosting company has suspended their account. At the time of this writing, no word has been given as to the reasons for the suspension. I suspect the suspension is likely to be security related. Perhaps we'll see an announcement at SourceForge on the status of PHP-Fusion if their home site doesn't come back online soon.

Apple recommends anti-virus software for the Mac

Ironic how the world can change so quickly. Yesterday, the CIO of my organization began enforcing the use of anti-virus software on all of our Linux clients and servers. Today, I read that Apple is telling its Mac users to purchase anti-virus software. Something nasty is brewing out there.

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.

The case for a boxed CMS: Security

Tim Wilson, the site editor for Dark Reading, recently posted an article about a recent incident at the AARP.org website. In the colorfully titled article, "Porn Operators Hijack Pages on AARP Website", Wilson interviews Jeremy Yoder of MX Logic about why AARP.org's site was vulnerable. In brief, the explanation given is that the site deployed a number of Web 2.0 features, including user profile submissions, and the site didn't properly filter JavaScript redirect code out of those submissions. Yoder then

Serendipity 1.3 Released

Serendipity 1.3 has been released. This new version of the blogging application introduces 41 changes. Not only are enhancements and additional features introduced, but also changes to address a nasty cross-site scripting issue (security exploit).

Some of the more significant features and enhancements for Serendipity 1.3 include:

  • The karma rating plugin has been upgraded to support nice, CSS-based rating graphics and has had an overall overhaul of its code.
  • The Spartacus plugin can now use FTP upload as a workaround for PHP SafeMode restrictions. A remote backend for plugin update checks has also been added.
  • Import scripts for phpNuke and LifeType.

Security flaw in Google Toolbar

This is why I'm very cautious in using any type of search engine toolbar (Google, Yahoo, etc).

Google is working to fix a bug in the Google Toolbar that could allow criminals to steal data or install malicious software on a system, a security researcher warned Tuesday.

The flaw lies in the mechanism Google Toolbar uses to add new buttons on the browser. Because the toolbar does not perform adequate checks when new buttons are being installed, a hacker could make his button appear as though it was being downloaded from a legitimate site when in fact it came from somewhere else.

Flirting Robots

I felt fear, awe, and even some admiration when I read at CNET about the latest social engineering attack dreamed up by those ingenious Russian hackers.

Those entering online dating forums risk having more than their hearts stolen.

A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools.

GLORIAD: CMS in Review

I came across a well written summary of content management applications (especially open source CMS) via a Security Blog over at GLORIAD. The CMS article is a near perfect overview on the state of CMS in 2007. This article is a "must read" in my opinion and it's really too bad I didn't write it first. Can you tell I'm envious?

At the end of the article the author concludes:

Recommended Firefox and Thunderbird updates available

Some critical security and stability updates have been made available for my favorite Internet browser, Firefox, as well as my favorite e-mail client, Thunderbird.

As part of Mozilla Corporation's ongoing stability and security update process, Firefox 1.5.0.9, Firefox 2.0.0.1, and Thunderbird 1.5.0.9 are now available for Windows, Mac, and Linux for free download from getfirefox.com & getthunderbird.com.

We strongly recommend that all Firefox users upgrade to this latest release. This update is available immediately in 41 languages including Spanish, Japanese, Arabic, Hungarian, and more.

The botnets are coming to a Windows PC near you

The November 20, 2006 article "Spam surge linked to hackers" from eWeek is a must read. Unfortunately, I can't find an online version of the article that appeared in print.

The article discusses the increasingly sophisticated ways hackers are using botnets running on tens of thousands of hijacked Windows computers to spread spam. The article focuses on research by SecureWorks regarding the trojan called Troj/SpamThru. Some scary and unique features have been identified in this trojan, including: