« Life's Lessons: Wipe your hard drive before disposing of it | Main | HP Cuts Back on Telecommuting »

Circuit City Discussion Board 0wned

I posted here and here on May 20th regarding exploitation of Invision Power Board bulletin board using in Movable Type's support forum such that the BB would serve up WMF exploits via IFRAME.

I even submitted the incident along with links to the Secunia writeup to SANS and it was published in the ISC on May 21st.

Looks like whoever is running the Circuit City Home Theatre Discussion Boards didn't get the message. According the CNET they were 0wned in the same fashion. I think it is interesting to note that unlike Movable Type, Circuit City is notifying the registered users of that board. On the other hand Circuit City apparently didn't find out about the event until notified by the SANS ISC.

The WMF exploit came out beginning of January. So people really should be patched and on top of that have antivirus. Imagine if they'd been using a newer exploit.

Posted by Roger on June 1, 2006 9:04 PM |

TrackBack

TrackBack URL for this entry:
http://www.infosecblog.org/mt-tb20070714.pl/197

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)