Comments for CyberInsecure.com

Comment on Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam by Greg Martin

Greg Martin — Wed, 02 Jul 2008 21:13:50 +0000

If you are infected by these SQL Injection attacks, please address this immediately as your website could be infecting people with this garbage too…

http://infosec20.blogspot.com

Comment on New Malware Spam Reporting Bogus Beijing Earthquake Targets Olympic Games Fans by CyberInsecure

CyberInsecure — Tue, 24 Jun 2008 13:41:16 +0000

If it was indeed an email that infected your PC, do not use the internet for surfing until you scan your system and clean the virus. Otherwise, you might lose some, if not all, of your online accounts passwords.

Scan and clean your system as soon as possible, with more than just one anti-virus.

Comment on New Malware Spam Reporting Bogus Beijing Earthquake Targets Olympic Games Fans by oswald

oswald — Tue, 24 Jun 2008 12:56:40 +0000

I just opened a flippen e-mail about the CHINESE EARTQUAKE.Is it at all harmful to my computer or internet banking fasilities? If so, what should I do?

Comment on Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos by CyberInsecure

CyberInsecure — Fri, 20 Jun 2008 00:03:29 +0000

Again, this method does not work anymore.

desperate mom: There are much easier ways (keylogging) if you have a local access to the PC. Since you are a mom, you can also practice your parental rights and openly demand to see what the “teen” is doing on myspace, “or else…” (even better, no hacking involved).

Comment on Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos by keleigh

keleigh — Thu, 19 Jun 2008 22:40:33 +0000

I am trying to access my teens myspace that is private, is there anyway? I tried the suggestion above with the yahoo and widgets, and myspace didn’t come up in the search.

Thank you
desperate mom

Comment on Credit Cards Data Stolen In 1st Source Bank Intrusion by John Franks

John Franks — Sat, 14 Jun 2008 15:39:01 +0000

Why does this keep happening? There is a defined eCulture called The Business-Technology Weave that helps to influence employee behaviour as regards security, use and integrity of data. This is particularly relevant: ***spam - link removed*** . Some good stuff here too: ***spam - link removed*** . We use this book at work - I wouldn’t recommend it if it wasn’t making a tremendous difference. Frankly, I would like my bank and any institution that handles MY personal data to read it - before it’s too late! Given all of these data thefts, it’s only a matter of time before any specific person experiences a real headache - something worse than losing your wallet, for example. Can’t we get proactive about this??

Comment on WordPress Multiple SQL Injection Vulnerabilities by CyberInsecure

CyberInsecure — Thu, 12 Jun 2008 11:43:08 +0000

The issue was fixed in WP 2.5.1.

Comment on WordPress Multiple SQL Injection Vulnerabilities by peter sysko

peter sysko — Thu, 12 Jun 2008 02:43:34 +0000

pleast visit http://www.php.net/manual/en/function.mysql-real-escape-string.php
to view best practice to prevent sql injections in php/mysql.. if wordpress does not use mysql_real_escape_string correctly or at all, this could be a serious issue for hundreds of thousands of wordpress installations! i’m staing notified to see if anyone else comments here.

Comment on Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos by CyberInsecure

CyberInsecure — Tue, 10 Jun 2008 07:08:26 +0000

According to some users reports, the Myspace widget has been removed and it does not work anymore.

Comment on Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos by Mike

Mike — Tue, 10 Jun 2008 06:17:52 +0000

Has this been fixed?

Comment on Stolen Database Being Used To Spam Stickam Users by Doug Asker

Doug Asker — Mon, 09 Jun 2008 01:21:34 +0000

It seems that the social networking movement will be stopped in its tracks if people loose confidence in those who store their data. Social networking companies need good and effective spam bots but also, and more importantly, human intervention. Faceparty in the UK had recently had to kill their chat rooms because of abuse. Effective moderation will just have to be seen as a cost of doing business in this space!

-Doug Asker

Comment on Hacked Comcast.net Leaves Users Without Email Access by CyberInsecure

CyberInsecure — Fri, 30 May 2008 09:56:00 +0000

According to DSLReports forums, the outage is still going on, for 24 hours already.

Thanks, Keith, for bringing this to our attention.

Comment on Hacked Comcast.net Leaves Users Without Email Access by Brandon Cosio

Brandon Cosio — Fri, 30 May 2008 04:46:23 +0000

Honestly, do hackers have a freakin life or do they spend their whole day sitting at a computer trying to f*** up peoples lives. How am I supposed to know i I got the job at Best Buy. Hackers need to get a life and needto get laid!

Comment on New Adobe Flash Vulnerability Exploited In Latest Mass SQL Injection Attack by CyberInsecure

CyberInsecure — Thu, 29 May 2008 20:20:37 +0000

Updated. Thanks Zach Stepek, JD, Steve and Corey.

Comment on New Adobe Flash Vulnerability Exploited In Latest Mass SQL Injection Attack by Corey

Corey — Thu, 29 May 2008 19:38:11 +0000

Correction… the latest Flash player is immune from this vulnerability 9.0.124. Just fyi.

Comment on New Adobe Flash Vulnerability Exploited In Latest Mass SQL Injection Attack by Steve

Steve — Thu, 29 May 2008 19:35:59 +0000

My contacts in Adobe say this is not true.

Comment on New Adobe Flash Vulnerability Exploited In Latest Mass SQL Injection Attack by Zach Stepek

Zach Stepek — Thu, 29 May 2008 19:35:28 +0000

The information listed here is incorrect. Check the appropriate security websites and Adobe’s website to see the full details. This issue was addressed in the last Flash Player update.

Comment on New Adobe Flash Vulnerability Exploited In Latest Mass SQL Injection Attack by John Dowdell

John Dowdell — Thu, 29 May 2008 19:31:15 +0000

“At this moment there is no known patch available from Adobe, and no known workaround.”

uhm, if you just use the current version, then you’re protected from those Chinese hackers who followed Mark Dowd’s blueprint.
http://blogs.adobe.com/psirt

(The “injection” was to HTML pages, and shows how normal websites are not always protected from hackers inserting evil links into good pages. Those hacked sites just pointed to foreign servers hosting malformed SWF.)

jd/adobe

Comment on Yahoo Banner Ads Infecting Visitors With Malware by Sourced » Sourced » Windows Security Recommendations

Sourced » Sourced » Windows Security Recommendations — Sun, 25 May 2008 10:58:28 +0000

[…] It’s not that my clients did anything wrong, most swear that the last healthy, operational session on the computer consisted of some simple email or an instant messenger session. And I believe them, especially since I noticed many victims of this little surge were using Yahoo email accounts. […]

Comment on Another SQL Injection Worm Making Rounds With 4000 Websites Infected by Dave

Dave — Tue, 13 May 2008 19:28:35 +0000

The method of attack is a POST to an SQL database. There are few if any scanners that detect the POST vulnerability if the code is GET protected. A manual review of any code having access to a database would be in order. Search all files for the following string “request.querystring”. This string limits the SQL injection filtering to GETS and does not filter POSTS. To fix the problem, remove “.querystring”. There may be other attack vectors but I have seen this one successful on sites scanned and found to be safe by several security scanners.