SSL encryption hacked

stephen barncard stephenREVOLUTION2 at barncard.com
Wed Sep 21 12:12:53 EDT 2011


Some of my Dreamhost accounts have been violated by a group of Malaysian
script kiddies.  I wonder what they used.  My early investigation revealed
pieces of code that appeared in a Wordpress media upload folder. This is the
place where Wordpress puts imported photos and other media.

 They had complete run of my 8 or so websites at 'shared' root.

one of the files had PHP and Javascript code that OBVIOUSLY was used to
commit these crimes.    Other stuff on there wasn't used in my attack:
Denial of Service code, etc.

It looked like a complete burglar's kit of tools.  UGH. I had to take a
shower after touching this stuff.

There's creepy stuff out there that could destroy the very foundations of
the WEB:

SSL Encryption ( in some cases ) has been
cracked<http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/>
.  Paypal has been
breached<http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/>
by
researchers.

Without confidence, the entire web could become inert and useless, like CB
radio.

One good thing - the kiddies will temporarily be confused by odd-looking
Livecode scripting. Probably think it's a PHP derivative.

On 21 September 2011 04:09, Claudi Cornaz <claudi.c at fiberworld.nl> wrote:

> Hi all,
>
> I came across this article and altough I don't know much about this I
> thought it might interest some of you.
> Hackers break SSL encryption used by millions of sites
>
> I don't know which version of SSL livecode server deploys, but apparently
> this might be something quite serious
> and perhaps even a unique opportunaty for livecode server by
> being/becomming save.
>
> Claudi
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



-- 



Stephen Barncard
San Francisco Ca. USA

more about sqb  <http://www.google.com/profiles/sbarncar>



More information about the use-livecode mailing list