Linked by Thom Holwerda on Mon 26th Sep 2011 22:25 UTC, submitted by HAL2001
Privacy, Security, Encryption Well, this is embarrassing. has been hacked (fixed by now), and was turned into a platform serving malware to unsuspecting visitors. The criminals did this by injecting a script which redirected visitors to a website which uses the BlackHole exploit pack, which probes the browser used and serves up an appropriate exploit. Computer security blogger Brian Krebs saw root access to being offered for $3000 only a few days ago.
Thread beginning with comment 490903
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: IE 9 will block this.
by Gullible Jones on Tue 27th Sep 2011 12:49 UTC in reply to "IE 9 will block this."
Gullible Jones
Member since:

XSS blocking != wholesale Javascript blocking. Though last I checked it is possible to get Noscript-like functionality on IE using Proxomitron.

(And IIRC Chrome does include some measures against XSS, just not as many as Noscript.)

IE 8 and 9 are sandboxed on Windows Vista and 7 though, if you enable UAC. Not sure how effective that would be in this case. I personally wouldn't know, since I never use IE - I find the user interface annoying.

Reply Parent Score: 2