When things go bump in the night (at IxDA.org)

9 May 2008 - 1:33am
664 reads
Nasir Barday
2006

Hi Everyone,

You may not have noticed, but something went bump in the night on the IxDA
web site this week. After investigating an issue someone reported with our
RSS feeds, we found that someone had inserted some malicious code onto our
site. The code quietly directed visitors' browsers in the background to a
site that attempts to install malicious software on visitors' computers. All
is well now, but in interests of transparency, we wanted to send this note
along

*What Happened?*
The vulnerability that allowed the breach to occur only allowed access to
our mail archives and everything already public. Other information that we
maintain, such as conference registration information, remained secure. It
bears repeating that this vulnerability *only affected the web site*. For
example, people reading just the e-mail version of our list have less to
worry about.
We have since removed all traces of the offending code from the site and
fixed the vulnerability that allowed the breach to occur in the first
place.

What to Do About This
To be safe, if you have visited ixda.org over the past two weeks, please use
a tool to scan your computer for malicious software and remove it. PC users
can use SpyBot Search and Destroy (
http://www.safer-networking.org/en/index.html), and Mac users can use Mac
Scan (http://macscan.securemac.com/), both free tools.

We apologize for any inconvenience this may have caused you. No, really, we
know you have enough to do without having to worry about whether you may
have gotten malware on your machine from an otherwise unassuming site. On an
ongoing basis, we will monitor our systems more closely for suspicious
activity, and we will fix security vulnerabilities as they are discovered in
the computer security community.

Special thanks to Jeff Howard for raising the initial alarm and for helping
us address this breach in a timely manner. Please fee free to get in touch
with me at this address if you need more infomation.

Thanks,
Nasir Barday
Interaction Design Association

Syndicate content Get the feed