There is a brand new WordPress hack attack making the rounds that redirects all traffic to your site through itsallbreaksoft.net and paymoneysystem.info, and then on to any number of junk sites full of advertisements. The intermediate redirect to paymoneysystem.info actually goes through the URL paymoneysystem.info/in.cgi?michaeleknowlton, suggesting that someone using the name Michael Knowlton is going to be benefiting from any monies earned by the ads. Here’s how it was done, and how to fix it. Fortunately, the immediate fix is very easy.
Just this past week we told you about a vulnerability that all jailbroken iPhones are at risk for, due to there being a default root password for SSH that most people who jailbreak their iPhones don’t (know to) change. Now, taking advantage of that same ‘default root password’ issue, countless jailbroken iPhone owners are finding Rick Astley’s mug on their iPhone, as jailbroken iPhones get “rickrolled” by the Ikee worm. (A “rickroll” (“rick roll”) is a fad that started a couple of years ago when, inexplicably, the video of Astley’s “Never Gonna Give You Up” became the visual punchline to tricks played across the Internet, with links to supposedly topical content actually taking the user to the Astley video. To get so tricked is to get “rick rolled”.)
A Dutch hacker has demonstrated that jailbreaking your iPhone opens it up to a hack that allows your jailbroken iPhone to be easily accessed and remotely controlled. This doesn’t necessarily mean that you shouldn’t jailbreak your iPhone (or that you should; we pass no judgement on the act of jailbreaking an iPhone), but it does mean that if you are going to jailbreak your iPhone, you need to know how to close the security hole you will create (or already have created) by jailbreaking your iPhone.
A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week. The phishing Facebook apps work the same way that many other applications do – including sending an email to your Facebook friends, with links to click on, and when you type in your username and password, BAM! Your login credentials have been stolen.
If you use Gmail, and also use Facebook, it can be very easy for someone to crack their way into your Gmail account using Gmail’s password recovery feature. This is because Gmail’s password recovery feature allows anybody to guess the answer to your “forgot password” reset security question. And if the answer to your forgotten password reset security question happens to be information easily gleaned from your Facebook account (or some other social network information), then password hacking your Gmail account is as easy as typing in that password protection answer. (And we use the term “password protection” loosely.)
As online society becomes ever more social, and cares ever less about personal security, the phrase “social security” seems more than ever an oxymoron. Perhaps nowhere is this more clearly brought home than in this week’s announcement by researchers at Carnegie Mellon that they have cracked the social security code, and were able to predict with frightening accuracy many Social Security numbers (SSNs). In many cases, their hack was aided by information gleaned from such social networking sites as Facebook.
A new hotel network security study by Cornell University entitled “Hotel Network Security: A Study of Computer Networks in U.S. Hotels” has proven that using the wireless Internet – and even cabled Internet – at your hotel is almost always inherently insecure and unsafe.
A new hack has WordPress hackers disabling all of your WordPress plugins (including, you see, Akismet or any other anti-comment-spam plugin), which then allows them to inject comment spam into your blog at will. So if you suddenly find yourself getting an enormous amount of comment spam all at once, or if you suddenly find your blog pages coming up blank (because with your plugins disabled, that often can be the case), you may be the victim of this latest plugin-disabling comment spam hack.