Follow up from the weekend's SetSlice activities

Hi folks,

Now that the dust has settled from the weekend's activities, it's worth trying to figure out what happened. The basic timeline went like this...

Friday evening, we discovered the SetSlice exploit in use in the St Petersburg iframers sites, and just when we thought it is was safe to go back in the water the next morning, we discovered it in the bogus search engine (normally called CoolWebSearch) sites.

No patch exists for this exploit even now, but the exploit is not really widespread because something really interesting happened.... someone shut their websites down!

Now, normally, I wouldn't be all that shocked to see an exploitive website shut down, except that these guys have been around so long, I thought they must be invulnerable. The iframers have been doing exactly the same thing for years, just swapping ISPs when someone got tense with them, and the CoolWebSearchers have been shooting WMF exploits at people with impunity since January this year at least.

I guess they made someone really grumpy.

You have to admire their resilience though. The iframers are already up and running somewhere else, and the CWS folk are trying.

It's good for Internet safety though, because it puts us closer to Patch Tuesday and a (hoped-for) official patch.

Cheers

Roger