Apr 29
Based on Google's index, the following sites are/were infected by the SQL injection attack discussed all over the place (1, 2, 3, 4, 5). From an SA perspective, News24, Sunday Times (available in dead tree only) and Talk Radio 702 have covered this.
Click here for Google's latest list.
Click here for Yahoo's latest list (much less accurate).
Status: Medium
- Most of the sites hosting the JavaScript are down, and most of the sites listed as infected seem to be clean (for SA). As this appears to be the 3rd or 4th injection, if web admins haven't fixed the root vulnerability and the attack is re-run pointing at a different domain, it could happen again.
- The command and control server the Trojan sends stolen passwords to is still up.
Warnings:
- Do not click on any of the links from Google or Yahoo, as you are likely to be taken to a website which will infect your computer with a Trojan.
- Search engines (aka Google and Yahoo) work on an index, which works on a snapshot of information. This snapshot takes a while to update, so some sites may be infected and not listed yet, and others may no longer be infected and still listed.
Posted by Dominic White
Last modified on 2008-04-29 15:17
Apr 15
OSVDB's SoC code monkey, Dave, has been ferreting away and is already producing some good stuff (one, two, three). I am going to have a go at getting back into mangling some vulns later tonight. Given that the last time I mangled vulns was almost four years ago, I have a feeling I will be very pleased/surprised by the many changes.
For those of you living in the dark ages, OSVDB will be *the* canonical vulnerability reference one day; in the meantime it's just more accurate than the rest ;). All it needs is more manglers.
Posted by Dominic White
Last modified on 2008-04-19 19:34
Apr 14

The iCommons' iSummit '08 site was launched tonight, and I must say it is looking amazing. I am rather biased in this analysis, however, I feel my bias is worthy for Loftwork's killer logo shown on the left. There's something about luminous green which gets me going. I won't be able to attend the conference, but the Second Life programme looks beefed up this year for those of us who want a from-the-couch experience.
I think iCommons is an undervalued organisation; if I were a broker and they were listed, I would give it a strong 'buy' recommendation. In digital currency this translates to: find out who they are and what they do, and then tell others. They have a mandate that extends beyond that of Creative Commons to bridge the gaps between the various 'open access' movements, including Wikipedia, Open Source, Free Culture, Open Education, Open access journals etc. I am fortunate enough to know some of the team based in Johannesburg, and can attest that this is a group of highly motivated, passionate people, who are too modest to boast about their own brilliance.
This will be the fourth iSummit, a large conference organised all over the world by 2-5 people! The 10 000ft overview of the summit is best described by the commoners themselves:
There will be two keynote sessions each day, featuring confirmed speakers David Wiley of OpenContent fame, FLOSS advocate and researcher, Rishab Ghosh and Wikipedia's Jimmy Wales. Also look forward to community-specific 'labs' and an Academy track for Commons novices, with extra time to connect and chat. Free space has been planned into the programme to accommodate spontaneous connections as they arise - if a group of like-minded Commoners have an idea that they would like to discuss right there and then, we can help to make that happen.
Posted by Dominic White