5 posts • joined 11 Jun 2007
Not a virus
This functionality has been built into monster, and many other jobsites. Basically recruiters / employers can query the backend of the database directly.
There's no need to write a virus to do this, just pose as a recruiter and monster will allow you to connect directly to the backend database.
Office Angels have had a tool that does just this and they are happy to rent the tool out to anyone who can afford it....
Jobseekers need to be more careful with their data.
Anyone who goes to the trouble of stealing a server is going to make sure they get the right one. Pure incident management rather than truth.
If you have a server processing this kind of data you ought to go to the trouble of running full hard disk encryption then they've only got access while the box is up and running. At this point I have visions of them running off with the UPS as well , well it would'nt be running with the UPS would it ;)
Cameron and Rob are right about what is causing it.
I'd also bet there was a config file that contained the user / pass for the database as well. If you can request the file directly and the PHP install breaks you could get the database username and password.
There are products availble that obfuscate the PHP source code such as ioncube. If they prized their source code they'd be using it already.
CSS has been traded privately for months
CSS for mspace and hi5 have been traded privately for months. My favourite was the Hi5 CSS that was publically reported in December over at sla.ckers and went unfixed for months.
The exploit instead of stealing the victim's cookie logged the user out of the app and forced them to re-authenticate writing out user / pass to a writeable file on previously compromised webserver.
Normally the victim would be given a hi5 or you'd sign up as their myspace friend and leave a saucy note. Intriguing them to visit your profile , be mysteriously logged out when viewing certain parts of the profile then getting their account hacked later on.
DDOS on spamhaus et al is normal for spammers. Indeed you are'nt a major spammer until you've DDOS'd them.
Why DDOS them? so you can get your fresh spam out while stopping companies from updating their rulesets and blocklists. It's not supposed to be a prolonged attack.
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
- Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland
- Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
- Vid MIT boffins cry havoc and let slip the ROBOT CHEETAHS of Whoa