Tuesday, November 27, 2007

Inconvenient Truth blog, SE0wN3d!!1

You know website security is getting serious when not even the promotional blog for former U.S. Vice President Al Gore’s Inconvenient Truth flick is safe. According to an article by Robert McMillan of IDG News, “An Inconvenient Truth, has been hacked and is hosting links to Web sites hawking online pharmaceuticals.” Apparently the bad guys (probably better described as black hat SEOs) are attempting to boost their search engine rankings by invisibly linking to their websites entitled "Xanax On Line," "Viagra," and "Buy Valium Online".

One expert said it was probably an unpatched WordPress vulnerability, which is entirely likely, but it’s hard to say for sure. It’s also hard to say whether the attack was targeted or whether the blog was simply caught in the net of a mass WordPress exploit scan. The other question: if the links were buried invisibly in the source, how’d anyone notice? Anyway, it just goes to show that even seemingly low-value targets can in fact have significant value to someone else.
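On the "how'd anyone notice?" question, one way a site owner could check their own rendered pages is sketched below. This is an added example, not code from the original post or the IDG article. It assumes the links are hidden with inline CSS or the `hidden` attribute (the article does not say how), and all hostnames are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed hiding tricks (inline CSS only; the article does not say which was used).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []       # (tag, hides_subtree) for every open element
        self.current = None   # [href, text] of a flagged <a> still being read
        self.findings = []    # (href, anchor text) of hidden off-site links

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "a":
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            offsite = host and host != self.site_host and not host.endswith("." + self.site_host)
            if offsite and (hides or any(h for _, h in self.stack)):
                self.current = [a["href"], ""]
        if tag not in VOID:
            self.stack.append((tag, hides))
    def handle_data(self, data):
        if self.current is not None:
            self.current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            self.findings.append((self.current[0], self.current[1].strip()))
            self.current = None
        if any(t == tag for t, _ in self.stack):   # tolerate unclosed <p>, <li>, ...
            while self.stack.pop()[0] != tag:
                pass

def find_hidden_links(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page; hosts are placeholders, link titles are those quoted above.
SAMPLE = """<p>See the <a href="/about">about page</a> and <a href="http://partner.example/">a partner</a>.
<div style="display: none"><p><a href="http://pills.example/x">Xanax On Line</a>
<a href="http://pills.example/v">Buy Valium Online</a></div>
<a href="http://meds.example/" style="position:absolute; left:-9999px">Viagra</a>"""
```

Calling `find_hidden_links(SAMPLE, "blog.example")` returns the three hidden off-site links and skips the visible ones. Links hidden through an external stylesheet class or by script are outside what this check sees.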


Sean said...

Obviously, Mr. Gore did not spend enough time checking the security settings of his Wordpress blog. Not surprising since he didn't spend enough time checking the facts for his movie. Check out http://globalwarming-factorfiction.com/2007/10/26/35-inconvenient-truths-the-errors-in-al-gores-movie-part-1-of-5/

Jeremiah Grossman said...

As valid as that line of thinking may be in other forums, let's please not let the conversation spiral down that particular path and away from "security".