Why is WordPress 2.8.2 a Critical Update?
WordPress has just released a security update.
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site
Unfortunately, the official blog didn’t mention that this upgrade is actually critical and why you should update ASAP. Let me explain this.
Continue »»
GStats .cn and GCounter .cn – Malicious Code in .js Files
This must be not a new attack (I’ve found an almost year old article that mentions gcounter iframes) but I started to notice it this past weekend. First, on the Google’s Webmaster Forums, then in the Unmask Parasites logs. So I guess it’s a new wave of the attack.
GCounter .cn
When I first encountered a site infected by gcounter, I checked it with Unmask Parasites. Nothing suspicious was found except for the fact that the domain name was blacklisted by Google. I checked the diagnostic page and found this clue:
Malicious software is hosted on 1 domain(s), including gcounter.cn/.
NoScript Helps Reveal Website Exploits – Telegram .com Case
FireFox + NoScript
I usually suggest that you should use FireFox with the NoScript plugin for safer web browsing. This combo will save you from most web threats. Just remember one rule: Never use the “Allow this page” and the “Allow Scripts Globally” options.
NoScript reveals website exploits
NoScript is also a great helper in revealing tricky website exploits.
Let me use the “Telegram .com” case to show how I use it. Continue »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
