Developers have found open redirect vulnerability in Quora app for Facebook that made stealing Facebook accounts easy. Quora is a Facebook app that connects you to everything you want to know about and it has over 500,000 monthly users, so the victim base for this attack can be considerable. Here is a video demonstration of how to steal any friend’s Facebook account if target Facebook account has Quora app enabled in his Facebook.
Majority of web hosting companies do little when your website gets compromised. They will only tell you to leave when your hosting space gets bugged. You alone are responsible for your data. Use of open source software brings vulnerabilities in scripts which can be used by hackers who can bypass security measures implemented by you and your web host and access your website information. Hackers can inject scripts in your website directory and by using those scripts they can access your files, edit/delete them if they want. I used a good web host in near past, and they told me to leave, take my data and find any other web host. Only few web hosts will actually protect you by assisting you in eliminating the dangerous scripts if your website has any. Dreamhost is web hosting company I have been using for my websites and it feels like home with them. They alert the customers if a vulnerability is found in their web space.
ThePirateBay is currently down with the following message:
Upgrading some stuff, database is in use for backups, soon back again.. Btw, it’s nice weather outside I think.
ThePirateBay’s database was SQL Injected and got hacked by Ch Russo
Ch Russo said the following about the exposed database and user info:
One reason of Firefox to be best is the availability of thousands of free plugins / addons out there. You just go to the Firefox addons official resource and download plugins / addons for your Firefox to make your work more easy. Have you ever thought that these plugins can get your computer’s privacy compromised. Yep! Developers from around the world develop these plugins for you to use. Plugins reside with the same browser you use to buy things online using your credit card and the same browser is used to authenticate your username and password with different online services you use. Time to check your browser’s plugins for reliability, version or upgrade alert and vulnerability scan.
XSS attacks (Cross Site Scripting) can provide hackers access to your website content and database and they can take everything down, which took you years to build. Hackers are on the lookout for Cross Site Scripting (XSS) vulnerabilities in YOUR web applications. Shopping carts, forms, login pages, dynamic content are easy targets. Here are some tools to auto find and fix vulnerabilities and malicious (hidden) iframe code in your website.
XSS Vulnerability can result in a hacked website. Two vulnerabilities have been identified in Ruby on Rails, which could be exploited by attackers and hackers to disclose sensitive information and threat to websites. The first issue is caused by input validation errors when processing unicode characters, which could be exploited by hackers to cause arbitrary scripting code to be executed by the user’s browser in the security context of an affected site.
WordPress Plugin WordSpew will create a shoutbox on your wordpress blog. It uses AJAX, a technology that allows information to be transmitted to the server without the user refreshing the page. So what makes this special is that your users can carry out live chats from your blog without having to refresh the page. It’s kind of like instant messaging! SQL Injection related Vulnerability has been found in this plugin. You blog can be Vulnerable to the SQL Injection if you are using this plugin, until unless the developer who created this plugin solves the problem and write a fix for that.
You can change WordPress default Admin Username and you should definitely do. Why? Security reasons. If someone is trying to break in and enter your blog admin and if your Username is Admin, his half job is done. Do not try this unless you are comfortable with PHPMyAdmin and MySQL. If not, ask someone to do it for you. From WordPress Admin you can not change the Username (though, I wonder why?). First for precaution measures, get Back up of your whole database before doing it.