Breaking News
Loading...
Monday, 3 December 2012

Info Post
tumblr hack

Tumblr seems to be suffering from a viral hack at the moment, as several blogs appeared to have been compromised and are now displaying a message from the notorious troll organization GNAA.
The problem seems to be with Tumblr, which has acknowledged it, so account credentials probably haven’t been compromised.

“There is a viral post circulating on Tumblr which begins ‘Dearest ‘Tumblr’ users.’ If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible,” Tumblr explained.

A coding tag contained in the post linked to malicious code on another website. The JavaScript exploit, which was included in an iframe tag that pointed to an outside website, used what is known as base-64 encoding. It's a technique that uses printable ASCII characters to represent large chunks of binary data and has the benefit of making it harder to know exactly how a script will behave when executed.

There’s no way to know how many blogs have been affected so far and the only way to avoid your blog being taken over is to not use Tumblr and log out of your account. Not the greatest of fixes, but it’s all that works for now.

The exploit through which all of this was accomplished is unknown for now, the speculation is that the hackers were able to use a bug in Tumblr’s embedding system and get their scripts to run from there.

The malicious posting can be easily removed from infected accounts using the Tumblr mass editor. The site also recommends affected users change their account password, a measure that's probably not necessary, but wise considering Tumblr researchers have yet to offer a complete analysis of the attack.

0 comments:

Post a Comment