
hacked posts

Filed under: Security, Social Software, web 2.0

Bad guys now launching attacks through hacked Facebook apps

Social networking sites like Twitter and Facebook can already be dangerous places. Things like short links and bogus messages from friends with compromised accounts put unsuspecting and under-prepared users at risk.

Now, AVG's security researchers have discovered a new threat on Facebook. For the first time, they've found hacked Facebook apps. According to AVG, the apps are being used to launch drive-by attacks which target vulnerabilities in Adobe Reader and Adobe Flash. AVG reports finding seven hacked apps, but they admit there could well be more.

First things first: if you're not running up-to-date versions of either of those, download them right now. Here's the link to Flash and here's one for Reader. Using anything but the most current version could leave you open to attack.

The attack works like this. Visit the Facebook page for any of the hacked apps and click to install. Instead of the normal process, the page will try to push a poisoned PDF document to your machine. Once opened, the infected PDF installs a bogus antivirus application on your system, and these are often notoriously difficult to remove.

I've mentioned fake antivirus programs like these before on Download Squad. If you've been infected, you can try the tools listed on this post to clean up your system.

To keep from getting infected in the first place, make sure you:
  • have a good antivirus program installed and that it is fully updated
  • update browser plugins like Java, Flash, and Adobe Reader as soon as you are prompted to do so
  • install any critical Windows updates that are available
  • check comments on new apps before you install - others may have already been infected and left a post on the wall!

Filed under: Audio, Security, web 2.0

Muxtape mucked up: who hacked it?

Muxtape, the popular online mixtape service we wrote about earlier this year, appears to have been hacked today. Every song on every Muxtape has been replaced by, "Aim (with Stephen Jones) - Good Disease [Babybird does a Prince thing]." Users can't delete the track from their mixes, and (in our professional opinions) the song isn't even very good.

An update was just posted to the Muxtape blog. No details yet, but they know about the problem and have taken the site down temporarily to fix it: "This afternoon, someone gained access to our server and caused some problems. We are investigating and will have more information soon. I've taken the site down temporarily as a precaution. Thanks for your understanding, watch this space for an update."

On the plus side for Muxtape, the service has only gotten better since its initial launch. It's now playable from iPhones, and plenty of sites have popped up to catalog the best and most interesting Muxtapes. The site is down right now, presumably being fixed, and we will update this post as we get more information on the battle between Muxtape and Babybird's Prince thing. Is this a publicity stunt by the band, or just a prank?

UPDATE: Muxtape is now saying that this may have been a result of a database problem and not any kind of break-in, but the cause is still undetermined. The site should be back up by tomorrow, and everyone's mixes were probably backed up and should be restored.

Filed under: Audio, Business, Internet, P2P

RIAA website gets hacked by SQL injection

Yesterday a Reddit user posted a link that supposedly runs a time-consuming SQL query on the RIAA's website. Of course the Reddit community began trying to stick it to the RIAA, and eventually someone may have deleted all of the site's content by exploiting a poorly configured web/database server with an SQL injection attack.

The site appears to be operating fine now, but we noticed it certainly wasn't fine yesterday (and TorrentFreak has screenshots of the site, sans content). Is it ironic that the RIAA uses free open-source software (OSS) such as PHP to run their website while hunting down people who allegedly don't pay for music? You'd expect something more sinister, like Karl Rove hand-typing HTML pages in a dimly lit sarcophagus or, at least, MS SQL/IIS.

If only they spent more time working to save themselves from cross-site scripting attacks and SQL injection instead of going after college students for downloading "My Humps."

[Via TorrentFreak]

Filed under: Security, Video, Features

The Squadcast 05 - Security Starts at Home



Hiding under your bed in fear of the latest Internet threats? Fear not young digital warrior, we've got you covered. On this week's episode of The Squadcast we talk to SecureWorks security researcher Ben Feinstein about staying safe online, keeping the hackers out, and more. Plus, Grant and Christina count down our five favorite free security downloads.

Watch "The Squadcast 05 - Security Starts at Home"
Also available on YouTube, Crackle, Veoh and Metacafe


Filed under: Windows, Microsoft

PowerPoint attacks

Microsoft is always under attack. This time around it's PowerPoint, again. Just a few days after patching bugs, PowerPoint was hit again. A Microsoft Security Program Manager was made aware of proof-of-concept code affecting Microsoft Office 2003 PowerPoint, as well as PowerPoint 2000 and PowerPoint 2002. This hole potentially allows hackers to execute code on a user's computer when the user opens a hacked PowerPoint file. A good idea would be to keep checking in with Microsoft to see if a fix has been integrated by the Microsoft Security Response Alliance.

Filed under: Internet, News, Web services, Social Software

Digg down?

One of our favorite sites (yours and mine) is down this morning. What does this mean for Digg? Crazy-cool new changes and upgraded features? Has Digg been hacked, or is this routine? "Out of service" doesn't look too good, but is this just web 2.0-speak for hold-on we're kicking-up the good stuff another notch? I don't remember Netscape going down to launch their video product site-wide, but perhaps this isn't a good comparison to make? Here's to hoping that this is nothing bad for Digg, and that it will be back online very soon. We miss you Digg, come back to us soon.
