
posted by mrpg on Friday January 12 2018, @04:15AM
from the pen-and-paper-are-better dept.

The Wordfence blog has an examination of an emerging attack on the WordPress ecosystem.

[...] In the software industry, a supply chain attack exploits a trusted relationship between software vendors or authors and their customers. For WordPress, that means figuring out how to embed malware into software updates. In one case, we saw an existing plugin author install malware on customer sites in an effort to monetize an existing plugin. In every other case we have uncovered, the attack was carried out by someone who had purchased the plugin with the express intention of attacking its users.

This is a follow-up to December's discovery of backdoor code in three mildly popular plug-ins. Those otherwise-trusted plug-ins had been purchased from the original developer by a third party, who then injected malicious code in subsequent updates.

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. ... Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins.


  • (Score: 1, Interesting) by Anonymous Coward on Friday January 12 2018, @04:31AM (5 children)


    Author of TFA https://soylentnews.org/article.pl?sid=18/01/11/0158234 [soylentnews.org] said it was fictional, at best plausible. And now you say it has been done. Multiple times. Better tell that guy. /s

    • (Score: -1, Spam) by Anonymous Coward on Friday January 12 2018, @05:07AM (1 child)


      I see it! I can see it all. A vision. A vision about what, you ask? About the future of your ass! I'm the Assteller.

      You exit your house and spot a toy clown floating in the air. The toy clown is staring directly at you. You sense that this toy clown is malevolent, and so you decide to barricade yourself in your house before a disastrous fate befalls you. However, before you can even move a single cheek, the toy clown points its palms in your direction and shoots Lego blocks out of them. The Lego blocks fly behind you and phase right through your pants as if your pants aren't solid and then they crash directly into your raw snappyhole. It tickles! It tickles so bad! But it doesn't stop there. The Lego blocks begin spinning around on your asshole while pressing against it, and in doing so, they inflict excruciating tickle upon it! Eventually, the blocks break into your asshole and begin colliding with the sides of the deepest reaches of your ass, inflicting horrible tickle upon it all the while! Then, the toy clown begins rapidly shooting these Lego blocks into your ass while laughing at your suffering. No matter how much you scream for him to stop, his soft laughter continues...

      • (Score: 0) by Anonymous Coward on Friday January 12 2018, @03:03PM


        Usually when this happens, the first thing I check is the good/evil toggle. Just about every time the thing has been set to evil. Fortunately they're RFC3514 compliant. If that doesn't work, find the Turtle of enormous girth and schedule a ritual of Chüd. Problem solved.

    • (Score: 2) by halcyon1234 on Friday January 12 2018, @03:27PM (2 children)

      WTF? This article and the one you linked to are by two different authors.
      --
      Original Submission [thedailywtf.com]
      • (Score: 4, Funny) by Pino P on Friday January 12 2018, @04:20PM (1 child)


        And now you say it has been done.

        WTF? This article and the one you linked to are by two different authors.

        It makes sense if "you" is plural, referring to all of SN's editors.

        Unfortunately, in most dialects of modern English, "you" (singular) and "you" (plural) look the same. Up through early modern English, the singular was "thou", but that has fallen out of use outside quoting stage plays or Bible translations from the 17th century. Dixie-influenced English dialects have developed "y'all" (< "you all") as the plural form, and "yinz" (< "you ones") is used in parts of Pennsylvania. The New World Translation of the Holy Scriptures renders Hebrew and Greek forms corresponding to plural "you" in small caps. But there's no standard way to tell them apart.

        • (Score: 2) by nobu_the_bard on Friday January 12 2018, @07:40PM


          There are parts of New Jersey and New York where "y'all" instead is used for a singular "you", in case you were hoping maybe clarity might yet win out.

  • (Score: -1, Spam) by Anonymous Coward on Friday January 12 2018, @05:39AM (1 child)


    ... Don't let friends use WordPress. Or Tumblr. Or Blogger. Or Medium for that matter. If you simply must blog, may I recommend Silvrback [silvrback.com] instead?

    • (Score: 2) by c0lo on Friday January 12 2018, @09:03AM


      A simple link to a commercial blog hosting, no reasons shown for why the recommendation and why S/N should carry that link.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford