SSL encryption hacked
stephen barncard
stephenREVOLUTION2 at barncard.com
Wed Sep 21 12:12:53 EDT 2011
Some of my Dreamhost accounts have been violated by a group of Malaysian
script kiddies. I wonder what they used. My early investigation revealed
pieces of code that appeared in a Wordpress media upload folder. This is the
place where Wordpress puts imported photos and other media.
They had complete run of my 8 or so websites at 'shared' root.
one of the files had PHP and Javascript code that OBVIOUSLY was used to
commit these crimes. Other stuff on there wasn't used in my attack:
Denial of Service code, etc.
It looked like a complete burglar's kit of tools. UGH. I had to take a
shower after touching this stuff.
There's creepy stuff out there that could destroy the very foundations of
the WEB:
SSL Encryption ( in some cases ) has been
cracked<http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/>
. Paypal has been
breached<http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/>
by
researchers.
Without confidence, the entire web could become inert and useless, like CB
radio.
One good thing - the kiddies will temporarily be confused by odd-looking
Livecode scripting. Probably think it's a PHP derivative.
On 21 September 2011 04:09, Claudi Cornaz <claudi.c at fiberworld.nl> wrote:
> Hi all,
>
> I came across this article and altough I don't know much about this I
> thought it might interest some of you.
> Hackers break SSL encryption used by millions of sites
>
> I don't know which version of SSL livecode server deploys, but apparently
> this might be something quite serious
> and perhaps even a unique opportunaty for livecode server by
> being/becomming save.
>
> Claudi
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
--
Stephen Barncard
San Francisco Ca. USA
more about sqb <http://www.google.com/profiles/sbarncar>
More information about the use-livecode
mailing list