I just heard in the saturday morning news, that Microsoft had their systems compromised too by this Java exploit. While I can not find anything on this story using Google (too recent a news item?), I noticed that both Twitter and NBC were also hit.
* http://www.theverge.com/2013/2/1/3942660/twitter-was-also-attacked-this-week-passwords-for-up-to-250000-users-compromised ** http://www.theverge.com/2013/2/21/4015040/hackers-exploit-nbc-website-to-spread-malware Yesterday I actually ran into the Blackhole/Java exploit for the first time myself, while trying to debug a Java issue at a customer. The antivirus had apparently been updated and also found the virus, but not before it had wrecked havoc (reinstalling Java did not seem to fix the problem, I eventually traced it down to the trusted.certs keystore being compromised). Being so widespread, surely I am not the only one in this forum now starting to meet it in the wild? /Casper On Wednesday, February 20, 2013 8:06:00 PM UTC+1, Oscar Hsieh wrote: > > AllThingsD reported that iPhoneDevSDK is the site responsible for the > recent facebook/twitter/apple hack > > > http://allthingsd.com/20130219/this-is-the-site-likely-responsible-for-the-recent-major-tech-company-hacks/ > > Here is the response from an iPhoneDevSDK admin > > > http://www.buzzfeed.com/jwherrman/the-innocent-looking-site-that-helped-hack-apple-and-faceboo > > "What we've learned is that it appears a single administrator account was > compromised. The hackers used this account to modify our theme and inject > JavaScript into our site. That JavaScript appears to have used a > sophisticated, previously unknown exploit to hack into certain user's > computers. " > > On Wed, Feb 20, 2013 at 11:10 AM, Fabrizio Giudici < > [email protected] <javascript:>> wrote: > >> On Wed, 20 Feb 2013 16:32:56 +0100, Josh Berry >> <[email protected]<javascript:>> >> wrote: >> >> I think most of these have simply meant that somebody in the Apple >>> network >>> had the plugin running. Considering that most attacks of note I've read >>> about involved direct emailing of exploited pdfs to executives, this >>> makes >>> sense. >>> >> >> I suppose it's like in the Facebook exploit, there was a JWS-based attack >> hidden in a page of a forum visited by developers. As Josh said, some >> employee connected with the Java plugin enabled and so was infected. >> >> >> >> -- >> Fabrizio Giudici - Java Architect @ Tidalwave s.a.s. >> "We make Java work. Everywhere." >> http://tidalwave.it/fabrizio/**blog <http://tidalwave.it/fabrizio/blog>- >> [email protected] <javascript:> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Java Posse" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to javaposse+...@**googlegroups.com <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> Visit this group at >> http://groups.google.com/**group/javaposse?hl=en<http://groups.google.com/group/javaposse?hl=en> >> . >> For more options, visit >> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >> . >> >> >> > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/javaposse?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
