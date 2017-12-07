Keylogger Found On Nearly 5,500 WordPress Sites (bleepingcomputer.com) 39
An anonymous reader writes: Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. The malicious script is being loaded from the "cloudflare.solutions" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field. The script is included on both the sites' frontends and backends, meaning it can steal both admin account credentials and credit card data from WP sites running e-commerce stores. According to site source code search engine PublicWWW, there are 5,496 sites running this keylogger. The attacker has been active since April.
Reaction faces... (Score:2)
Random users :
"OOH MY GOD !!! NO !!!! ALL MY PRECIOUS PASSWORDS!!!!"
Users of password managers :
"Phew !... at least they didn't log these".
Users of NoScript [noscript.net] (and other such popular script blocking extensions) :
"...yeah... whatever...."
---
Bonus:
Users of links/elinks/lynx, curl/wget and straight telnet :
"Bwaaah.... we're left out of the fun once again!..."
Because they can use it to scam people out of $250 for 20 minutes work setting up a "website".
More details? (Score:2)
They don't say if it's WordPress itself or in a popular plug-in.
I don't see how that could possibly be the issue.
Both NoScript 10+ and YesScript2 support Firefox 57+. If the users don't update their plugins after updating the browser, that's not really Mozilla's fault.
The old NPAPI support needed to die---for security reasons. Your attempt to cast a security improvement as a problem is ill-founded, and, quite frankly, idiotic.
Re: Firefox 57's extension breakage enabling this? (Score:2)
Noscript 10 is pretty terrible though. At this point it looks and feels like an Alpha release.
How's YesScript? Any better?
Use NoScript. It works the best (eve n in FF57) (Score:2)
Some of the most popular extensions are those that help prevent JavaScript from being used maliciously, and these kinds of extensions were among the ones to suffer the worst breakage, due to being so intricately tied to the operation of the browser.
Regarding ads:
uBlock Origin - was WebExtension compatible in advance, well before the release of FF57 (I use that one)
uBlock - was WebExtension compatible in advance, well before the release of FF57
AdBlock Plus - was WebExtension compatible in advance, well before the release of FF57
Regarding trackers:
FSF's Prvacy Badger - was WebExtension compatible in advance, well before the release of FF57 (I use that one)
Regarding script blocking
:
uMatrix - was WebExtension compatible in advance, well before the release of FF57
This is why we need cryptographic authentication (Score:2)
We need to switch to cryptographic authentication. FIDO U2F makes a lot of this moot.
With some software put in place at the CRAs, they could use FIDO devices to prevent opening new accounts. If you go into a bank with ID (Driver's ID, passport) and a FIDO device, the bank has done the best identification of you it can. Plug the key into a USB port in a computer, have the bank authorize trust establishment, and you generate 3 new key pairs--one for each CRA. The CRAs get the public key; the private key