Wednesday, October 27, 2010

Conservative DC paper reports that Iran-associated hackers have exploited a WordPress flaw on some sites

The “conservative” newspaper “The Washington Times”, in a front page story by Shaun Waterman Thursday, warned that hackers in Iran seem to have exploited some reported vulnerabilities in Wordpress, and planted botnet Trojans that can sometimes take control of computers of visitors to these sites. The hackers may be playing pranks or trying to attack enemies of Shiite Islam, but there is no evidence that they are connected to the government in Tehran.

It was not reported here whether standard anti-virus software actively protects visitors to infected sites and prevents their computers from becoming compromised or commandeered. Presumably major antivirus companies would detect them readily. Since WordPress is so popular with "amateur" bloggers (even in comparison to Blogger), especially sites mapped to separate domains, the report could be alarming, although the number or frequency of such sites is not known. WordPress is considered superior in some ways by many bloggers. 

Some connected vulnerabilities appear in Adobe PDF, java, and Microsoft Internet Explorer. (The safety of java and applets would deserve a discussion some other day; in the late 1990s the relatively safety of it was touted in java training classes.)

The link to the Washington Times (“TWT”) story is here.

Possibly in response to the stories about WordPress (and there have been earlier reports of vulnerabilities), competitor Google tweeted and published a "Blogger Buzz" story about "Safe Browsing on Blogger" here (Blogger is "its" product).

No comments: