That’s right, the television network CBS had their website hacked using the popular iframe method and was actually used for a period of time to distribute malware to it’s visitors.  I am not for sure how many visitors CBS has on a daily basis but I am pretty sure it’s probably high volume. 

One of the popular features on CBS’s website among visitors is the ability to view missed episodes of their favorite shows like The Unit, CSI: Miami, and NCIS.  Below is a report I found on Techworld regarding the attack…

TV network CBS has become the latest big name to have it website used to host malware, a security company has reported.

It appears that Russian malware distributors were able to launch another iFrame attack on a sub-domain of the cbs.com site so that it was serving remote malware to any visitors. A user’s vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.

“This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users’ PCs, said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.

“Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware,” Ben-Itzak continued, taking a pop at the anti-virus products against which his company in part competes.

“It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times,” he said.

Finjan has it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.

iFrame and SQL injection attacks on big-name websites have been one of the fashionable attacks of 2008, embarrassing a string of household names.

Techworld.com - CBS website bitten by iFrame hack

..........

If you are like me, you are probably going to spend some time over the next few days doing some Christmas shopping online.  If so, I have stumbled onto something pretty cool inside the Twitter social network, just follow couponer and they will keep you up to date w/ the latest specials and discounts from many of the top tier online retailers. 

Just today I see that there are discounts on Sears.com, Guitar Hero 3, The Gap, Eastbay, Sony, Wine.com, and one of my wife’s favorites, Duck Duck Goose!  Oh, and kudos to these online retailers for doing what they can to make the most out of social networking!

..........

I just saw this on Facebook and had to give a shout out to the gang from Jonesboro (Powell Creative).  They showed up on the front cover of the Winter 2008 DXNEWS magazine.  This publication is put out for District 10 of the American Advertising Federation.  We (Pleth) work very closely w/ Melissa and the gang at Powell Creative in Jonesboro, in fact we just opened a new office right next door! Kudos!

..........

Just so no one else out there thinks that they have lost their mind, there was never a wordpress 2.6.4, instead there was a bogus version of wordpress floating around that wasn’t legit so the guys at AutoMattic in an effort to stay ahead of the folks issuing 2.6.4 have opted to skip that version and go directly to 2.6.5.

Wordpress 2.6.5 is a pretty important update in that it fixes a small hole that could possibly be exploited via XSS.  I have been updating our hosting wordpress solutions this morning and should have all of our clients updated in the next 20 minutes or so.

WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. We recommend everyone upgrade to this release.

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

WordPress › Blog » WordPress 2.6.5

..........

Matt, our server administrator at Pleth, get’s credited for stumbling onto this cool find.  Lunascape is a web browser that uses all three of the rendering engines (webkit, trident, and gecko) instead of relying solely on one. 

Personally I haven’t ever heard of anything like this before and am pretty anxious for this software to mature a little bit so we can get a good idea as to how it’s going to perform under pressure.  It is being touted as the fastest browser ever…

Do you use multiple web browsers? Juggling multiple web browsers is not so uncommon to overcome incompatibity and inefficiency of web sites or browsers that are not well optimized to web standards. But it’s not that power users who know how to install and use multiple browsers actually love the hassle at the cost of their precious time.

Lunascape is here for you! For the first time ever, there is a web browser that has integrated the three main browser rendering engines with the ability to switch to the optimal engine automatically.

It’s in Lunascape’s DNA to open up new possibilities in the world of web browser. Lunascape was the first web browser with a search bar. The fully customizable skin system is another feature introduced by Lunascape in a web browser for the first time. Triple-engine is the latest addition with more innovations to come. State-of-the-art technical skill in Lunascape leads the world to future web experiences.

Lunascape Web Browser - The World’s Fastest Browser Ever

..........

I was surprised to learn tonight that Eclipse Aviation had filed for bankruptcy protection.  I have been following this company since my partner Stephen, who is also a pilot, turned me onto it. 

There was a lot of buzz about this plane for a while leading up to it’s release,  not to mention a long waiting list of people looking to purchase one, hopefully they can get back on their feet one day soon!

NEW YORK (Associated Press) - Eclipse Aviation filed for bankruptcy protection Tuesday after failing to produce its very light jet as fast as its business plan required, forcing the manufacturer to take a loss on each aircraft it built.

The struggling Albuquerque manufacturer of the six-seat Eclipse 500 filed for Chapter 11 protection in U.S. Bankruptcy Court in Delaware.

The filing comes after a troubled year that saw layoffs of more than a third of its work force, the exit of its founder and former chief executive and mounting lawsuits from nearly a dozen disgruntled customers. Earlier this month the company sent employees home for two days after it was late making payroll.

“In the face of unprecedented economic challenges, it is clear that the sale of the Eclipse business through the Chapter 11 process was the right course of action to maximize the value of the business, secure its future and protect the best interests of Eclipse’s stake holders, including customers, suppliers, employees and creditors,” acting chief executive Roel Pieper said in a statement.

Pieper was not immediately available for comment Tuesday.

Under Chapter 11, a company seeks an order from a bankruptcy judge that prevents creditors from immediately seizing company assets. Most companies continue to operate in some form while seeking to reorganize and reduce their debt.

Eclipse Aviation plans to sell nearly all its assets _ valued at between $100 million and $500 million _ at a public auction that would be held in January, court records show. The company has more than $1 billion in liabilities.

Barring an offer from a higher bidder, the company would be sold to an affiliate of its largest shareholder, ETIRC Aviation, called EclipseJet Aviation International Inc., said Brad Robins, managing director of Greenhill & Co. Inc., a New York-based investment bank Eclipse hired as its financial adviser.

The company was able to add 300 European aircraft orders to its books after the Eclipse 500 received certification from the European Aviation Safety Agency on Friday, which is similar to getting Federal Aviation Administration certification in the U.S.

European certification allows Eclipse to sell its aircraft in 37 European countries.

Robins said Eclipse’s plant in Albuquerque, N.M., which employs 945 people, should see no major changes as a result of the bankruptcy proceedings.

“The goal is the company continues to operate; employees are keeping their jobs,” Robins said.

Part of the restructuring will allow Eclipse to obtain $20 million in loans from Eclipse board member Alfred E. Mann and ETIRC, which will be used to pay employees, court records showed.

Eclipse chief financial officer J. Mark Borseth said in an affidavit that keeping employees working is important for the future of the company.

“I believe that if (Eclipse is) unable to honor all such obligations immediately, employee morale and loyalty will be jeopardized at a time when such support is critical,” Borseth said in the affidavit.

He said the company had early production delays caused by introducing several new technologies to build the aircraft.

And Eclipse’s business plan required aircraft to be produced at “unprecedented volumes” to enable the company to price the jet lower than its competitors, Borseth said.

After Eclipse failed to meet production targets, the cost per aircraft increased.

“As a result, Eclipse continued to lose larger than expected sums of money on each aircraft manufactured,” Borseth said.

Eclipse announced earlier this year that it needed $200 million to $300 million in financing to stay afloat, but analysts agreed that in the midst of a global economic crisis, a “white knight” investor was unlikely to appear, making restructuring necessary.

Eclipse’s “experience in the past several years is that they were able to secure financing. I think with the world we’re in today, this (Chapter 11) is the basis in which they could get it,” Robins said.

Eclipse Aviation files for bankruptcy protection

..........

Several  times my partners and I have played around with the idea of acquiring a smaller hosting company that was for sale on the open market.  We have the infrastructure to accommodate several times over the number of clients we currently have and purchasing a smaller company seems like a logical choice for us to quickly grow our client base. 

One of the concerns we have about purchasing another hosting company is that our operation is completely different than that of most hosting operations, for instance GoDaddy, they do bargain basement hosting and offer annual renewals on their hosting customers.  Several other large bargain basement, barebones hosting operations out there are setup the same way or similar as well. 

The vast majority of our clients are billed on a monthly basis.  The reasoning for this is because we actually bring a few other products and services to the table and also have a retainer agreement that certain clients take advantage of.  We also offer other services outside the realm of hosting such as development. 

I ran across this article today, and I actually have an email into this guy to discuss some of this but haven’t heard back from him yet.  This is great information if you are in the hosting industry and I recommend you check out Furlow Consulting’s website.

If you are acquiring web hosting companies and a specific target primarily has annual customer accounts, don’t