Sunday, March 23, 2008

Arthur C. Clarke dies, and Space.com gets hacked!

Can't you see the pattern emerging??

Seriously though, uplink.space.com (careful) has had an iframe injected into it, and it's reaching out to another seemingly hacked site (www.forvideo.at - careful), and launching an encrypted JavaScript that turns out to be a simple and venerable MS06-014 exploit.

It's not an exploit pack, so it's just a single exploit, and it's tracking IPs, so it'll only come once, but it's there.

And the exploit is only an MS06-014, but the point is that if the website is vulnerable enough to have a mouldy old exploit injected, it could have something much newer and fiercer. Space.com needs to fix their website, and we've sent them an email about it. Hopefully they will, because they get an awful lot of visitors each month.

Cheers

Roger
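For site owners who want to check their own pages for this kind of injected iframe, here is an added example (not part of the original post): a Python audit that lists iframe, frame and script elements loading from hosts outside an allowlist. The sample HTML, the reserved example.org/example.net hosts, the allowlist and the hidden-frame heuristic are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (reserved example domains, not hosts from the post).
SAMPLE_HTML = """<html><body>
<script src="/js/site.js"></script>
<iframe src="http://cdn.example.org/banner.html" width="300" height="250"></iframe>
<p>Forum posts...</p>
<iframe src="http://compromised.example.net/x.htm" width=0 height=0></iframe>
</body></html>"""

def host_allowed(host, allowed):
    """True if host equals an allowed entry or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)

def looks_hidden(attrs):
    """Heuristic (an assumption): zero/one-pixel size or CSS that hides the frame."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = any((attrs.get(k) or "").strip() in ("0", "1") for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style

class EmbedAudit(HTMLParser):
    """Record iframe/frame/script elements that load from hosts off the allowlist."""
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url, self.findings = page_url, []
        self.allowed = {h.lower() for h in allowed_hosts}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = (attrs.get("src") or "").strip()
        if tag not in ("iframe", "frame", "script") or not src:
            return
        # Resolve relative and scheme-relative URLs against the page's own URL.
        host = (urlsplit(urljoin(self.page_url, src)).hostname or "").lower()
        if host and not host_allowed(host, self.allowed):
            self.findings.append((self.getpos()[0], tag, host, looks_hidden(attrs)))

def audit(html, page_url, allowed_hosts):
    parser = EmbedAudit(page_url, allowed_hosts)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for line, tag, host, hidden in audit(SAMPLE_HTML, "http://www.example.org/forum/", ["example.org"]):
        print(f"line {line}: <{tag}> loads from {host} (hidden={hidden})")
```

Run against the pages as served rather than the templates on disk, since injected markup may only exist in the stored content or the rendered response.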


1 Comments:

At 10:40 AM, Anonymous said...

Nice description of the exploit. Can you talk about how the JavaScript payload in the response gets decrypted? Also, how did the hacker inject the iframe to begin with? Thanks!

 
