Sunday, January 13, 2008

Pigs fly... oh, and another 0-day ... ho hum

Hi folks,

In a previous entry I suggested that we'd probably never know how the mass hack occurred unless one of the website victims told us, and that the chances of that were about the same as flying pigs. Guess what ... it turns out that some people do have the right combination of nerve, public spirit, and willingness to share about security matters... so... pigs _can_ fly, and now we know how it happened. I _did_ promise it was off the record, so we can't share it further, but at least we know. Bravo to that person!

And why ho-hum about a 0-day? It only affects users of a product called QVOD Player, which seems to be a popular Chinese media player, and which is probably only on Chinese users' machines.

The exploit code is coming from a Chinese website, so that makes sense, and it is obfuscated by flipping all the high-order bits in the JavaScript, to make it harder to read and notice.

Fortunately, this appears unlikely to be taken up by the gangs targeting Western PCs and the kit developers, so it's probably not going to be a major problem.

The real message, of course, is that the Bad Guys are still thinking.
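For analysts who meet the high-bit obfuscation described above, here is a triage sketch; it is an added example, not code from the original post or from the exploit. It assumes "flipping the high-order bits" means XORing every byte with 0x80, and the function names, token list and samples are constructed for illustration.

```python
import string

PRINTABLE = frozenset(string.printable.encode("ascii"))
# Tokens expected in decoded script; a heuristic list chosen for this example.
JS_TOKENS = (b"function", b"document", b"unescape", b"eval(", b"var ")


def high_bit_ratio(data: bytes) -> float:
    """Fraction of bytes with bit 7 set; plain ASCII script scores 0."""
    return sum(b >> 7 for b in data) / len(data) if data else 0.0


def flip_high_bits(data: bytes) -> bytes:
    """XOR each byte with 0x80 (assumed scheme); it is its own inverse."""
    return bytes(b ^ 0x80 for b in data)


def triage(data: bytes, threshold: float = 0.9):
    """Classify a script body and return (verdict, decoded text or None)."""
    if high_bit_ratio(data) < threshold:
        return "plain", None
    decoded = flip_high_bits(data)
    printable = sum(b in PRINTABLE for b in decoded) / len(decoded)
    # Double-byte CJK text also has the high bit set almost everywhere, so
    # require recognisable script tokens before calling it obfuscated code.
    if printable >= threshold and any(t in decoded for t in JS_TOKENS):
        return "high-bit-flipped-script", decoded.decode("ascii", "replace")
    return "high-bit-other", None


# Constructed, benign sample: a harmless script and its bit-flipped form.
CLEAR = b'var msg = "hello"; document.write(msg);'
FLIPPED = flip_high_bits(CLEAR)
# Constructed sample: GB2312 bytes for a two-character Chinese word.
CJK_TEXT = b"\xd6\xd0\xce\xc4"

if __name__ == "__main__":
    for name, blob in (("clear", CLEAR), ("flipped", FLIPPED), ("cjk", CJK_TEXT)):
        print(name, round(high_bit_ratio(blob), 2), triage(blob))
```

The token check matters on Chinese-language sites, where ordinary GB2312 page text would otherwise look like a flipped script.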




