Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What motivates these tools


  • Please log in to reply
2 replies to this topic

#1 marcoose777

marcoose777

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 02 August 2015 - 05:00 AM

Hi Guys,

Just popped over to projecteuler.net to have a quick look at a problem for a bit of recreational math problem solving; and the black hats have struck yet again. It would seem, according to ycombinator , that project euler has been unwittlingly serving up a rogue flashplayer executable in the usual windows .exe format. What do these tw@!s hope to achieve, presumably the typical user of project euler will have a password safe, such that compromising the site password will only obtain what is freely available e.g. site membership. A lot of programmers, and hobbyists (like myself) tend to favour linux, such that windows malware really isn't going to stick.

 

Despair!!, words fail me; If there was a so called 'hacker community' they'd hack the ar43 off these tools and do a bit of self policing

 

Unfortunately I suspect the 'hacker community' is just a bunch of morally dubious, criminal low lifes, doing what they do purely for money.

 

That is so sad



BC AdBot (Login to Remove)

 


m

#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:16 PM

Posted 04 August 2015 - 01:31 PM

presumably the typical user of project euler will have a password safe

I think you have a higher estimation of most developers' security setup than reality.

Project Euler's audience is people who are learning to write software, not professionals. (That's not a "rip" -- much of the world's best software is written by people who aren't professionals) Many people who learn how to write code are not computer "use" experts before they get there.

Even among "experts" things like password managers aren't nearly as common as you'd think.

Lastly, don't assume that malware authors specifically targeted Project Euler -- if Project Euler used any piece of software with a vulnerability (Old Apache? Vulnerable OpenSSL? ShellShock?) then they may have gotten hit by some form of automated web crawler that does this to every site it sees.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 marcoose777

marcoose777
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 PM

Posted 09 August 2015 - 08:01 AM

 

presumably the typical user of project euler will have a password safe

I think you have a higher estimation of most developers' security setup than reality.

Project Euler's audience is people who are learning to write software, not professionals. (That's not a "rip" -- much of the world's best software is written by people who aren't professionals) Many people who learn how to write code are not computer "use" experts before they get there.

Even among "experts" things like password managers aren't nearly as common as you'd think.

Lastly, don't assume that malware authors specifically targeted Project Euler -- if Project Euler used any piece of software with a vulnerability (Old Apache? Vulnerable OpenSSL? ShellShock?) then they may have gotten hit by some form of automated web crawler that does this to every site it sees.

Billy3

 

 

Hi Billy,

Unfortunately you're probably right about the security practices of amature code dabblers (like myself), however I do use different passwords for all websites that require passwords; take a pat on the back. it's quite sad that malwarez guys couldn't see the altruistic nature of the project euler site, and just leave it alone. There I did it again, basic assumptions about human nature just plain wrong.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users