Tuesday, March 18, 2008

Attacks, Attacks, and More Attacks

So many I’m unable to follow them all let alone post a story on each. There are a few I wanted to draw attention to though.

McAfee reported that an estimated 10K – 20K web pages (most running ASP) were laced with a malicious JavaScript iframe that infects visitors with a password-stealing Trojan targeting popular online games. The event was very similar to the Dophin Stadium hack from way back during the Super Bowl. From the reports I couldn’t immediately discern how the compromise originally took place.

Now there seems to be another mass attack, this time affecting 200K pages, most running phpBB. Wow.

Next we got reports of a “Major Flaw In Pennsylvania Online Voter Registration”. Careful pressing the digg link, it’ll download someone’s voter registration card. Check out the comments below and you’ll get the idea. Basically it’s a simple URL number rotation hack. Score for insufficient authorization and a whole bunch of other oversights.

Lastly check this out, “Close to 70 Massachusetts banks have been contacted by Visa and MasterCard”, having potentially “exposed hundreds of thousands of consumers in the northeastern U.S.” The smart money says an ASV might have gotten 0wN3ed.

3 comments:

Unknown said...

The Mass. banks mention might have something to do with the Hannaford security breach which is an east coast super market chain. The article insinuates the breach may extend beyond Hannaford?

http://apnews.myway.com/article/20080317/D8VFDD180.html

and

http://pcianswers.com/2008/03/18/hannaford-credit-card-data-breach

Anonymous said...

This has truly been a great week for web application INsecurity. I believe I read about the IFRAME incident on Slashdot though I could be mistaken. Over the past few days I've been coming across more and more results full of nefarious IFRAME injections while searching for unassuming and unrelated queries on Google. I found the Pennsylvania voter registration issue to be especially funny as sequential number patterns are easily avoidable, or at least set up in such a way that the vulnerability could be negated. I'm curious to know if anyone has spidered the results yet.
Pennsylvania must now be aware of the situation, because the resources are inaccessible. "The Commonwealth of Pennsylvania web site that you are trying to reach is either not available or is undergoing maintenance. Please try back later. Thank you for your patience."

Jeremiah Grossman said...

Yah, its been more than a little crazy. Its not to say we didn't know it was coming though. All of us have known for a long time about the sad state of Web security. I guess it just took a little time for the bad guys to catch up and figure out how to monetize their efforts. One thing thats been on my mind is that these iframe attacks get noticed because they host malware. On the other hand, what about the SE0wN3d attacks where just links are injected and no one would really notice? I wonder how many of those incidents are out there we don't know about.