Simon Willison’s Weblog

Items tagged security in Jun, 2007



Safari Beta 3.0.1 for Windows. A nice fast turnaround on fixes for security flaws in the beta. # 14th June 2007, 9:56 am

Safari for Windows, 0day exploit in 2 hours (via) Once again, down to handling of alternative URL protocol schemes. # 12th June 2007, 1:30 pm

Security Breach. A statement from Dreamhost. # 8th June 2007, 8:16 am

Firefox promiscuous IFRAME access bug. Lets malicious sites “display disruptive or misleading contents in the context of an attacked site” and intercept keystrokes! The demo worked in Camino 1.5 as well. Avoid using Gecko-based browsers until this is patched? # 6th June 2007, 10 am

Gaping holes exposed in fully-patched IE 7, Firefox (via) Michal Zalewski released a new Firefox 2.0 vulnerability in addition to the IE cookie stealing one. # 6th June 2007, 9:57 am

IE vulnerability allows cookie stealing. Full exploit against the same-domain cookie origin policy, so malicious sites can steal cookies from elsewhere. Avoid using IE until this is patched. # 6th June 2007, 9:53 am

Massive Dreamhost hack, WordPress not to blame

On mezzoblue, Dave Shea reports that someone had modified every index.php and index.html file on his site to include spam links at the bottom of the page, hidden inside a <u style="display: none;">. Dozens of other people in his comments reported the same thing happening to their sites.

[... 279 words]

Unsettling. Sounds like there might be a massive scripted hack going on against out-of-date WordPress installs on Dreamhost. Check your site. See also discussion in the comments attached to this post. # 5th June 2007, 9:16 pm