
Don’t Use FTP?

September 5th, 2007

Filed under: Security, Tech — Ian @ 7:43 am

Received this email fwd from my pops. I kind of agree: FTP is inherently unsecure, but almost everything supports SFTP now, so just use that!

-----Original Message-----
From:
Sent: Tuesday, September 04, 2007 7:45 AM
To: corvallis-etailing
Subject: Re: Hacker-Virus alert

Hi Steve,

Uyyy… you’ve poked one of my PET PEEVES:

The root cause of this exploit was running ftp
ftp is an inherently RISKY protocol
it is child’s play to sniff the passwords from it

No webhoster that hosts serious sites should be listening for FTP,
heck, no one should use FTP for anything in this day and age,
EVER. Lunarpages does not take security very seriously if they
allow even a single client to run ftp. Yes content is your
responsibility, but the carrier for that content is their
responsibility. You did not get hacked via insecure web content,
you got hacked because someone was able (through THEIR
complacency) to modify your web content.

The reason why webhosters do this is money and laziness: There
are applications (e.g. DREAM WEAVER) with built in ftp that are
well entrenched and users do not want to upgrade to the more
secure version or redo their settings. Rather than risk losing
these users the hosters continue to tolerate ftp and take money
from the security challenged, that’s most of them.

There are secure alternatives for uploading your website.
Look into WINSCP, or the new DW now has secure protocols available:
SFTP or SCP. And look into a webhoster that prohibits FTP entirely
for everyone if it is a shared hosting situation. Once a skillful
hacker compromises one account through FTP it is just a matter of
time before they hack a system account, control the box and do
whatever they want. Yes, even with virtualization.

Prepare to be hacked again unless you get on an FTP-free server
because most likely your server is now on a list of “servers that
run ftp”.

Cxxxxxx
(formerly a security analyst at Symantec)

P.S.
Please don’t go through your HTML code and clobber everything
between “<!-- … and -->” or you will lose all your sites’ internal
documentation. That is the syntax for HTML comments.

On Sep 3, 6:35 pm, ”

> Heads up!
>
> My e-commerce site was hacked into and one or more viruses planted.
>
> All files with “index” in the file name were corrupted with an IFRAME
> link put into them. When I went to my site, I got virus and spyware
> warnings from my PC-cillin.
> They said there was a JS_PSYME.ANT and a EXPL_IFRAMEBO.A virus,
> and a spyware warning with a link to “superengine.cn/1278/ir
>
> The planted IFRAME started & ended with <!-- ~ --> so I was able to
> search out all files with that text in them. It appeared in only
> index files.
>
> Fortunately, I had a recent enough backup that I was able to restore
> the files. And I changed the password.
>
> According to my host, LunarPages, “This problem is caused by your ftp
> credentials being compromised and used to modify your index files on
> your site.”
>
> They also said:
> The ‘Exploit.HTML.Iframe.FileDownload’ is the report about an HTML
> formatted document, that contains a code that refers to Internet
> Explorer IFrame vulnerability.
>
> This vulnerability allows a malicious HTML document, such as email
> message, to execute automatically when the document is viewed using
> Internet Explorer.
> It also affects email clients that use Internet Explorer to view
> HTML formatted email messages,
> such as Outlook and Outlook Express.
>
> Although, Lunarpages takes security very seriously,
> and have technicians monitoring our servers 24/7 we cannot be
> responsible for account content. The security of your content is the
> customer’s responsibility.
> You should always keep up to date with the latest exploits and what
> to do with keeping
> your content secure.
>
> You may review more about the IFRAME virus by visiting:
>
> http://www.f-secure.com/v-descs/iframe.shtml
>
> http://secunia.com/virus_information/17177/exploit.html.iframe.filedownload/
>
> http://www.viruslist.com/en/viruses/encyclopedia?virusid=78107
>
> Here are some security tips regarding html and browser security as
> well.
>
> http://www.cert.org/tech_tips/securing_browser/
>
> http://netsecurity.about.com/cs/compsecurity101/a/aa042003a.htm
>
> http://www.fas.org/irp/doddir/army/wg2000/part02.htm
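
An added example (not part of the original post or e-mails): the cleanup search the site owner describes, written so that only the planted block is removed and ordinary HTML comments survive, as the P.S. asks. The `<!-- ~ -->` marker shape, the file names and the `example.invalid` host are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Assumed marker shape: an <iframe> wrapped between two "<!-- ~ -->" comments,
# as the site owner describes. Ordinary comments never match this pattern.
INJECTED = re.compile(
    r"<!--\s*~\s*-->\s*<iframe\b.*?</iframe>\s*<!--\s*~\s*-->",
    re.IGNORECASE | re.DOTALL,
)

def scan_tree(root):
    """Return {path: [injected blocks]} for every file under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = INJECTED.findall(fh.read())
            if found:
                hits[path] = found
    return hits

def strip_injection(html):
    """Remove only the marked iframe block; leave other comments untouched."""
    return INJECTED.sub("", html)

def demo():
    """Build a constructed web root, scan it, and clean an infected page."""
    clean = "<html><!-- nav starts here --><body>shop</body></html>"
    # Constructed sample input; example.invalid is a placeholder host.
    bad = clean.replace(
        "</body>",
        '<!-- ~ --><iframe src="http://example.invalid/x" width=0 height=0>'
        "</iframe><!-- ~ --></body>",
    )
    pages = (("index.html", bad), ("about.html", clean), ("index.php", bad))
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages:
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        flagged = sorted(os.path.basename(p) for p in scan_tree(root))
    return flagged, strip_injection(bad) == clean

if __name__ == "__main__":
    print(demo())
```

Restoring from a known-good backup and changing the password, as the site owner did, remains the primary fix; a scan like this only confirms which files were touched.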

From the ESET Threatblog: “If you swim in the sewer”…

April 19th, 2007

Filed under: Security — Ian @ 2:41 pm

So I read the blog officially published by my company, ESET Software, LLC. It is always up to date with some good insight about the latest information regarding the anti-virus community. I don’t want to get into the recent Virginia Tech tragedy, because I have a lot of mixed opinions on it, and don’t really feel like expressing them all. However, I wanted to quote this post by Randy Abrams about it, and how it relates to technology. An interesting perspective on the tragedy, and shows a dark side of tech I didn’t even know existed:


If You Swim in the Sewer…

April 19th, 2007

Tragedy brings out both the best and the worst in people. In the wake of the tragedy at Virginia Tech, sewer-dwelling vermin are registering and selling domain names related to Virginia Tech, but they aren’t the threats. The floaters these sewer-dwelling vermin are swimming with are the jerks trying to use social engineering to gain control of your computer. One such attack involves an email message that claims to have video footage of the shooter. If you are sick enough to follow the link to see the bad news you will not see the shooter, but you will get bad news. The link leads to a file designed to compromise your computer.

Essentially every time you hear about a tragedy there will be some piece of sewage with a computer trying to break into your computer by promising video or pictures of bad news. As always, if you go looking for bad news you will find it – it just may not be someone else’s bad news you run into.
If you are looking for sewer news, guess what your computer is going to get filled with?

Randy Abrams
Director of Technical Education

I can’t believe this is going on. In addition, there is another controversy going on where ICANN (The Internet Corporation for Assigned Names and Numbers) is refusing to release domains registered through the registrar RegisterFly. They recently lost their accreditation through ICANN and can no longer register domains, but I have a good friend who has about 5 domains tied up in the class action suit against them. He had high ranking pages that generated some decent profit, but they now have temporary landing pages on them with someone else’s ads. It is ridiculous that ICANN has such a monopoly over controlling the issuing of domains…and as I read on some other blogs, they probably should be known as ICANNT. Check over here at Technorati for tons more information on the story.
