cPanel Exploit Used to Circulate IE Exploit
miller60 writes "In a dangerous combination of unpatched exploits, hackers have used a previously undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit. cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix. It's a local exploit, meaning the attacker must control a cPanel account on the target hosting provider."
Why would anybody use that shit?
wh3n wiLL RepubICAns learn abOUT ConSTITUOIOtnal r1ghTS?
But it DOESN'T run on Linux! :-)
HeHeHEHe!
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
We already know the facts: IE is a piece of shit, and Microsoft's writing it so tightly into the "Windows Experience" continues to prove they are only interested in your money. Can you please move on to some real news? Huh?
As usual, the problem is all M$. The fact that the attacker must have an account to break cPanel is more a mitigating factor than what language cPanel was written in. Now, if you are dumb enough to be administering your site through Windoze, you might have already given away that access by keylogger. There's an endless supply of drive by hijackings for that OS. A malicious interested party in Redmond might hire someone to conduct just such an attack to make visiting Linux hosted sites the kiss of death. That would be a lot of work for very little return, as hosting sites will patch, but it just goes to show that security is only as good as your weakest link.
Friends don't help friends install M$ junk.