The exploit continues

May 27, 2009 23:29

So in an earlier post (http://rushyo.livejournal.com/4653.html) I pointed out that, in January, a major profiling site had a significant security vulnerability. I have been following its progress, since the site owners have not used information about the vulnerability to patch it, and have been trying to raise awareness of how users can protect themselves against it since.

For the first time, it appears the attack is now being used for non-benign purposes. Users have reported being attacked by trojan horses, a symptom of the XSS flaw in the site. It appears reasonable to assume the malicious hackers are either building a bot-net or trying to steal financial details.

What truly amazes me is that the site staff still seem to want to pretend to be living in ignorance of this flaw in their system. I expect users to be ignorant of this stuff (some falsely believe Google Ads are the culprit) but the staff should know better than to let something like this continue.

The next logical evolution in this saga is that the attack will be used by some idiot to target the site's staff with the end game of subverting or destroying the entire site. Hopefully they'll patch it before then. Hopefully. I quite like the site.