May 29 2008
I’ve made no secret of the fact that I’m a big fan of Firefox and the NoScript plugin. I don’t want anything running in my browser that I don’t explicitly approve of. And now with the big rise in sites compromised with the latest Flash exploits, there are more reasons than ever to use NoScript. I don’t use Flashblock myself, but it also comes highly recommended for dealing with this issue.
The interesting thing to me is that this attack is a combination of SQL injection against the servers and a payload containing the Flash exploit. If the compromised sites had made the effort to use good coding practices and checked for SQL injections, this wouldn’t be a big deal. Another alternative would have been a web application firewall. This is 2008, not 1998, SQL injection is low hanging fruit on the security tree and most of the sites compromised should have something in place to stop SQL injections. But they don’t, so we have a nice outbreak of Flash exploits.
Security Focus stated that there were approximately 20,000 compromised web pages as of Tuesday. That sounds like a lot until you figure out the math and realize that this may mean 2000 or less machines compromised, depending on the average number of pages per system. I guess 2000 doesn’t get the clicks nearly as well as 20,000 does.