Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

[WEB SECURITY] Wordpress website hacked, wordpress backdoored

From: dinis at ddplus.net (Dinis Cruz)
Date: Sat, 3 Mar 2007 21:29:55 +0000
nice, the business model is evolving.

But this is still a very 'inefficient' attack since:

 a) the final binaries were the ones infected (very easy to detect (imagine
if the infected code was actually from 'real' SVN source code and made from
a 'trusted' developer))
 b) by the speed this was detected the exploit (and the blog page didn't
give a lot of details about it) must have been a very 'HEY I AM A
BACKDOOR!!!!' kind of code.  A real exploit would be one that (using a .NET
example) used a type confusion attack to insert a buffer overflow on a
remotely accessible method (which would be inserted in day X and only used a
couple months later).

but it's evolving.....

Can everybody that writes code and has a Browser window open under the same
user account (even if non admin) raise their hand? ... nice so many hands
(including mine).... guess what, if your browser is 0wned, so will be your
code..

And OWASP uses WordPress (although Mike tells me that we were not affected)
for our blogs (blogs.owasp.org), nice :)

I am still waiting for the day that we will be maliciously hacked for
commercial reasons since that will be another step in the evolution of the
malicious guy's business model

Dinis in San Jose




---------- Forwarded message ----------
From: bugtraq at cgisecurity.net <bugtraq at cgisecurity.net>
Date: Mar 3, 2007 6:29 PM
Subject: [WEB SECURITY] Wordpress website hacked, wordpress backdoored
To: websecurity at webappsec.org

The Wordpress development team has posted an announcement that the download
server had been hacked, and wordpress 2.1.1 had a backdoor included in it
allowing for remote code execution.

URL: http://wordpress.org/development/2007/03/upgrade-212/

- Robert
http://www.cgisecurity.com/ Web Security news, and more
http://www.cgisecurity.com/index.rss [Subscribe to Security news]

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20070303/b17f9926/attachment.html
Previous By Date Next
Previous By Thread Next

Current thread: