Attack

Follow up from: Hacker Gains Access To WordPress.com Servers Tech Crunch: WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code. ...

Tech Crunch: WordPress.com has revealed that someone has gained access to several of the their servers this morning and that VIP customers’ source code was accessible. WordPress.com customers are all on ‘code red’ and in the process of changing all the passwords/api keys they’ve left in the source code. “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. ...

Thanks to my friend, Pondus! Ars Technica: Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000 (it’s over millions of site when you are reading this)—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file. ...

Cnet: A malicious attacker that appears to be the Iranian government managed to obtain supposedly secure digital certificates that can be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company affected by the breach said today. Comodo, a Jersey City, N.J.-based firm that issues digital certificates, said the nine certificates were fraudulently obtained, including one for Microsoft’s Live.com, have already been revoked. A fraudulent certificate allows someone to impersonate the secure versions of those Web sites–the ones that are used when encrypted connections are enabled–in some circumstances. ...

CNET wrote: The popular blogging-site hoster WordPress was hit with another distributed denial-of-service attack this morning, the second in two days. “Unfortunately, the DDoS attack from yesterday returned in a different form this morning and affected sitewide performance,” the company said in a notice on its Automattic site, which serves as a dashboard for the service. “The good news is that we were able to mitigate it quickly and performance returned to normal around 11:15 UTC. We are continuing to monitor the situation closely.” ...

Just a day after Dutch police arrested a 16-year-old boy in connection with WikiLeaks-related denial-of-service attacks, websites belonging to the Netherlands computer crime cops and prosecutors have been struck with a similar assault. Dennis Janus, a spokesman for the National Police Service confirmed that both the police website, and that of the National Prosector’s Office had been offline for much of the day, with many theorizing that the likely reason is a distributed denial-of-service (DDoS) attack similar to that which was launched against MasterCard, PayPal and other firms. ...

Controversial whistleblower website WikiLeaks was hit by another massive distributed denial of service (DDoS) attack earlier this morning. On Sunday, the site was taken down for several hours via a sustained DDoS attack, just hours before the release of thousands of secret U.S. documents. Responsibility for Sunday’s attack was claimed by a single hacker, the Jester, though many are skeptical that it was the work of just one person. ...

Mashable: The distributed denial of service (DDoS) attack that took down WikiLeaks as the site published secret U.S. embassy cables over the weekend could be the work of a single hacker, working for his own agenda. The hacker, called the Jester (or th3j35t3r), describes himself as a “hacktivist for good” and posts the message “TANGO DOWN” after a successful attack, together with a link of the sites he takes down. The focus of his attacks, the Jester claims in his Twitter Bio, is “obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys.” ...

Mashable: Controversial whistleblower website WikiLeaks is reporting that it’s under a “mass distributed denial of service attack” just as its much-hyped leak of secret embassy cables has been leaked early on Twitter. According to a tweet from the website’s official Twitter account, WikiLeaks is experiencing a DDoS attack. The reported attackers are not yet known. Several reports state that the website has been experiencing intermittent downtime. We are currently attempting to verify that WikiLeaks is indeed under attack. ...