Monthly Archives: August 2009

Word Press Login Security Issue

Filed under 0day, blog support, fix, word press

This just in from the Internet Storm Center

Juha-Matti pointed out multiple reports on a vulnerability in the widely used wordpress blog software that supposedly lets remote users reset the administrative password. They all lead to an original post on a full disclosure mailing list.

You can get all the details from the original post – WordPress unauthenticated administrator password reset

You can find the fix here

Basically you just need to change line 190 in wp-login.php from
if ( empty( $key ) )
to
if ( empty( $key ) || is_array( $key ) )
If line 190 in wp-login.php doesn’t match the example, you should update Word Press.

I’ve already done it here and everything still works. I also tried it on a version of Word Press that isn’t the latest version. I had to search for the string that needed changing because it’s not on line 190 in the older version. I updated the info and everything is working there too.
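Because the line number differs between releases, the check can be done by searching for the string instead. The script below is an added example, not part of the original post or of WordPress; the function name check_wp_login and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Report whether a wp-login.php carries the is_array( $key ) fix, and on
# which line. Prints "patched N", "unpatched N" or "unknown".
check_wp_login() {
    file=$1
    [ -r "$file" ] || { echo "unknown"; return 2; }

    # Whitespace-tolerant patterns: spacing is not the same in every release.
    s='[[:space:]]*'
    empty_key="empty[(]${s}[\$]key${s}[)]"
    unpatched="if${s}[(]${s}${empty_key}${s}[)]"
    patched="if${s}[(]${s}${empty_key}${s}[|][|]${s}is_array[(]${s}[\$]key${s}[)]${s}[)]"

    # Look for the fixed form first, then for the original form.
    line=$(grep -En "$patched" "$file" | head -n 1 | cut -d: -f1)
    if [ -n "$line" ]; then echo "patched $line"; return 0; fi

    line=$(grep -En "$unpatched" "$file" | head -n 1 | cut -d: -f1)
    if [ -n "$line" ]; then echo "unpatched $line"; return 1; fi

    # Neither form found: the file differs from both examples, so update.
    echo "unknown"; return 2
}

# Constructed sample files standing in for different wp-login.php versions.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '<?php' '// constructed sample' \
    'if ( empty( $key ) )' > "$tmp/old.php"
printf '%s\n' '<?php' '// constructed sample' '' \
    'if ( empty( $key ) || is_array( $key ) )' > "$tmp/new.php"
printf '%s\n' '<?php' 'if (empty($key))' > "$tmp/tight.php"
printf '%s\n' '<?php' '// no key check here' > "$tmp/other.php"

for f in "$tmp"/*.php; do
    printf '%s: %s\n' "${f##*/}" "$(check_wp_login "$f")"
done
```

Point it at the real file with `check_wp_login /path/to/wp-login.php`; an "unknown" result means the file matches neither form and the install should be updated.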

Another Adobe Update

Filed under acrobat reader, adobe, patch, security

There has been another Adobe Acrobat Reader update released. Since this was not a planned update, there must be something nasty floating around on the net. I’d suggest you update Acrobat Reader ASAP, if you haven’t already. You probably already know how to do it, since there have been so many updates recently. In case you don’t, just run Adobe Acrobat Reader and go to the Help menu up at the top. Under Help you will want to select Check For Updates and in that window, select Download and install updates. Another window will open and you should see the download begin. If it isn’t downloading, you may need to uncheck the box marked Download when my internet is idle.

I didn’t bother looking up what this patch is for, but not long ago there was a new exploit floating around so I imagine this is what it’s for.

My Web Tattoo – Fast Browser Search – Search Guard Plus Uninstall & Removal

Filed under malware

While writing a new article about removing Fast Browser Search and My Web Tattoo, I was analyzing a new version of MakeTheWebBetter, which is the file I got from the MyWebTattoo site. I noticed it connected to a new site since the last time I looked at it, www.tattoodle.com. Looks like they have expanded their operation to include My Space. I also found a new updated uninstall page which included Search Guard Plus, which was another new file I found that was being installed since I wrote my first uninstall guide. I am going to keep writing the new article I am working on, but in the meantime, check out the new official uninstall page they have set up. It’s much better than before and, like I said, it includes the new programs.

Official Tattoodle Uninstall Page

It still doesn’t tell you how to fix the search redirection in Firefox, so if that still plagues you, I have a guide for that here.

If that still doesn’t fix it for you, and you have some basic computer skills, my next post may be the one to help you.

More My Web Tattoo Removal Information

Filed under Uncategorized

I uploaded MakeTheWebBetter to Threat Expert and here is the report. This is the program that is downloaded from the My Web Tattoo website and starts all this @#$! Now assuming you already tried to uninstall it using its uninstall program or add and remove programs in control panel and it’s still running, you can try this to remove any remains of it. Some of this information may not be for beginners. Use common sense: if you have no idea what I’m talking about, stay out of your files. Especially the registry. If you don’t know what you’re doing in there, you can make a real mess of your system. Now that is out of the way, here’s some information about how we can get rid of this thing.

Firefox Addons Insecure

Filed under 0day, DefCon, malware

Unable to attend DefCon this year, I’ve been following it on twitter. There was a talk about how insecure Firefox extensions are.

@ramereth word to the wise: DO NOT trust any firefox extension. assume they can grab and do anything including executing other code #defcon

Just one of many tweets talking about how scary the talk was. So until I can get more information on this, I’m disabling most of my Firefox extensions. Could this be Firefox’s vulnerability equivalent to Internet Explorer’s ActiveX? Ironically, I’ve been using Google’s Chrome browser lately. I’m liking it more and more. I was just switching back to Firefox because it has a couple extensions I use a lot. But now that they might not be safe, it looks like Chrome is going to be set as my default browser. At least until I find out more about these Firefox extension exploits.

Seeing how this talk was given today, I suspect there will soon be a rash of these exploits and figured I should pass on the info I have even though it’s sketchy at best at this point. To disable your extensions in Firefox, just go to Tools, then addons, then extensions, and uninstall or disable them.