SSL encryption hacked
Keith (Gulf Breeze Ortho Lab)
keith at gulfbreezeortholab.com
Wed Sep 21 15:28:31 EDT 2011
Hi There,
I have had a few Web sites hacked in the past, and each time (without
exception), it was due to a vulnerability in WordPress. Just an FYI.
Sincerely,
- Boo
-----Original Message-----
From: stephen barncard
Sent: Wednesday, September 21, 2011 11:12 AM
To: How to use LiveCode
Subject: Re: SSL encryption hacked
Some of my Dreamhost accounts have been violated by a group of Malaysian
script kiddies. I wonder what they used. My early investigation revealed
pieces of code that appeared in a Wordpress media upload folder. This is the
place where Wordpress puts imported photos and other media.
They had complete run of my 8 or so websites at 'shared' root.
one of the files had PHP and Javascript code that OBVIOUSLY was used to
commit these crimes. Other stuff on there wasn't used in my attack:
Denial of Service code, etc.
It looked like a complete burglar's kit of tools. UGH. I had to take a
shower after touching this stuff.
There's creepy stuff out there that could destroy the very foundations of
the WEB:
SSL Encryption ( in some cases ) has been
cracked<http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/>
. Paypal has been
breached<http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/>
by
researchers.
Without confidence, the entire web could become inert and useless, like CB
radio.
One good thing - the kiddies will temporarily be confused by odd-looking
Livecode scripting. Probably think it's a PHP derivative.
On 21 September 2011 04:09, Claudi Cornaz <claudi.c at fiberworld.nl> wrote:
> Hi all,
>
> I came across this article and altough I don't know much about this I
> thought it might interest some of you.
> Hackers break SSL encryption used by millions of sites
>
> I don't know which version of SSL livecode server deploys, but apparently
> this might be something quite serious
> and perhaps even a unique opportunaty for livecode server by
> being/becomming save.
>
> Claudi
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
--
Stephen Barncard
San Francisco Ca. USA
more about sqb <http://www.google.com/profiles/sbarncar>
_______________________________________________
use-livecode mailing list
use-livecode at lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list