China’s leading search engine claims a shocking lack of security nous at its chosen domain name registrar was responsible for a prolonged outage last month.
China’s Baidu says in legal papers that that an obvious scammer was able to con Register.com support staff into handing over the keys to its kingdom, resulting in millions of dollars of lost revenue.
Baidu, which commands 70 percent of the Chinese search market, was offline for at least four hours on the 12th of January. During the incident, its baidu.com home page instead showed the messaged “This site has been hacked by the Iranian Cyber Army”.
In its lawsuit, the company claims a Register.com support rep allowed the hacker to reset the administrative email address for the domain to ‘antiwahabi2008@gmail.com’, despite the imposter providing obviously incorrect security codes during an online chat.
The hacker then allegedly used Register’s automated password reminder function to change Baidu’s account password, giving him access to the domain’s name servers. The whole rudimentary scam took less than 45 minutes, Baidu claims.
This generates the sql code to overwrite your Joomla password with a new password typed in this form.
You need to run the generated sql code in PHPMyAdmin or your favorite MySQL interface.
We do not save or give away these passwords.This is Javascript code and it runs on your own machine.
New password:
Database prefix (taken from $mosConfig_dbprefix in configuration. php).
Usual values are ‘jos_’ for Joomla and ‘mos_’ for Mambo respectively, whithout the quotes:
Google has announced it’s own phone “Nexus One”. Following are the key features of the phone:
Russian security firm Intevydis has made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers. The exploit allows attackers to remotely gain control of a PC. Intevydis develops the commercial VulnDisco add-on for the also commercial Canvas exploit toolkit by vendor Immunity. On the Immunity forum, developer Evgeny Legerov praises his exploit for Windows XP (SP3) and Vista as being quite reliable. The developer says It was an interesting challenge to find the flaw – a buffer overflow – and to exploit it.
While the post dates back to the beginning of February, the hole is likely to remain open since no updates have been released for Firefox 3.6 so far. Secunia rates the problem as critical, but hasn’t provided any further information in its advisories and the Mozilla Foundation has become aware of the problem, but has yet to release an official statement. Whether the exploit has already been widely circulated or used on a large scale remains unknown.
However, according to the analysis on the Extraexploit blog, a significant increase in the number of Firefox 3.6 crashes was noted on the 12th and 13th of February. It is unclear whether the crashes were connected to the exploit being tested. The pages causing the highest number of crashes are listed in Mozilla’s crash reports.
In passing, Legerov also mentions zero day exploits for Lotus Notes 8.5/8.5fp1 and for RealPlayer 11. The exploit for RealPlayer is the modernised version of an exploit that appeared two years ago for a hole that RealPlayer closed only recently.