(via Yahoo to acquire Tumblr in $1.1 billion cash deal)
That cat’s out of the bag a day early, it seems. Yahoo’s board has approved a $1.1 billion cash deal to purchase the blogging site Tumblr, according to The Wall Street Journal. We were expecting Yahoo to announce the acquisition during tomorrow’s NYC media event — CEO Marissa Mayer may instead use the last-minute gathering to detail the company’s plans for integrating the popular platform. It’s unclear how Yahoo intends to utilize its latest procurement, but with a 10-figure price tag now public, we can only imagine that Tumblr will be put to good use. We’ll be covering tomorrow afternoon’s event live, so stay tuned for more details from New York City.
Sleep with Me (by wackystuff)
tumblr…
A quickly spreading worm on Tumblr has caused media companies The Verge, Reuters, and a large number of other account holders to publish a post laced with racist epithets and other offensive content.
The stunt, attributed to long-time Internet trolling collective GNAA, caused affected Tumblr accounts to display the post. People who viewed the post while logged into Tumblr were in turn forced to publish the offensive content, causing the attack to spread virally, according to security researchers. More than 86,000 accounts were affected, according to unconfirmed claims from GNAA members. Tumblr issued a statement saying site engineers are working to combat a “viral post circulating on Tumblr.” It advised anyone who has viewed the post to immediately log out of all browsers that may be logged in.
According to researchers at antivirus provider Sophos, the GNAA post spread by including malicious code that exploited weaknesses in Tumblr’s reblogging feature. A coding tag contained in the post linked to malicious code on another website. The JavaScript exploit, which was included in an iframe tag that pointed to an outside website, used what is known as base-64 encoding. It’s a technique that uses printable ASCII characters to represent large chunks of binary data and has the benefit of making it harder to know exactly how a script will behave when executed.
“It shouldn’t have been possible for someone to post such malicious JavaScript into a Tumblr post,” Sophos Senior Technology Consultant Graham Cluley wrote. “Our assumption is that the attackers managed to skirt around Tumblr’s defenses by disguising their code through Base 64 encoding and embedding it in a data URI.”
It’s unclear how the worm was able to spread so rapidly, but one theory that couldn’t be ruled out as of the time of this writing is the possibility of an XSS hole found on Tumblr’s site. Short for cross-site scripting, XSS techniques allow attackers to inject browser code of their choice into websites that are trusted by millions of users. In turn, miscreants can exploit XSS holes to perform drive-by malware installations, steal Web authentication credentials, post unauthorized content, or carry out other tasks not intended or initiated by the end user…
Graham Cluley, Sophos senior technology consultant, on today’s Tumblr worm (via cnet)
…Sophos, a provider of security software and hardware, including antivirus, thinks it has figured out how the worm spread so quickly on Tumblr. The firm noted in a blog post that the worm appeared to take advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.
Sophos noted that each affected post had malicious code embedded inside.
“It shouldn’t have been possible for someone to post such malicious JavaScript into a Tumblr post,” Graham Cluley, Sophos senior technology consultant, said in the post. “Our assumption is that the attackers managed to skirt around Tumblr’s [defenses] by disguising their code through Base 64 encoding and embedding it in a data [uniform resource identifier].”
Cybersecurity has increasingly been a concern for social media, blogs, and other online outlets. The worm by GNAA is only the latest example of such an attack.
Art Coviello, executive chairman of EMC’s RSA security business, today made some predictions about the security landscape for 2013. Among his expectations is that hackers will get more sophisticated and national governments will continue to fail to make legislation on rules of evidence and information sharing, as well as reform privacy laws.
In addition, he expects “attack surfaces to continue to expand and any remaining semblance of a perimeter will continue to wither away.”
Ultimately, Coviello said, it’s “highly likely that a rogue nation state, hacktivists or even terrorists will move beyond intrusion and espionage to attempt meaningful disruption and, eventually, even destruction of critical infrastructure…”
(via cnet)
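The bypass Sophos describes in the posts above, script disguised as Base64 inside a data URI on an iframe, is caught when a filter decodes the URI before inspecting it. The following is an added example, not code from Tumblr, Sophos or the quoted articles; the function names, the marker list and the sample post are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

URL_ATTRS = {"src", "href", "data"}            # attributes that load a resource
SCRIPTABLE = {"text/html", "image/svg+xml", "application/xhtml+xml",
              "text/javascript", "application/javascript"}
MARKERS = (b"<script", b"javascript:", b"onerror=", b"onload=")

def decode_data_uri(uri):
    """Return (mediatype, decoded bytes) for a data: URI, else None."""
    # Drop whitespace/control characters so padding cannot hide the scheme.
    compact = re.sub(r"[\x00-\x20]+", "", uri)
    if compact[:5].lower() != "data:":
        return None
    header, sep, body = compact[5:].partition(",")
    if not sep:
        return None
    params = [p.lower() for p in header.split(";")]
    raw = unquote_to_bytes(body)
    if "base64" in params[1:]:
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))
        except ValueError:                      # undecodable: treat as empty
            raw = b""
    return params[0] or "text/plain", raw

class DataUriAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            decoded = decode_data_uri(value) if name in URL_ATTRS and value else None
            if decoded:
                mediatype, raw = decoded
                active = mediatype in SCRIPTABLE or any(m in raw.lower() for m in MARKERS)
                self.findings.append((tag, name, mediatype, active))

def audit_post(html):
    """List (tag, attribute, mediatype, active) for every data: URI in a post."""
    auditor = DataUriAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample post: a harmless inline image and a base64 HTML iframe.
_PAYLOAD = base64.b64encode(b"<script>console.log('constructed')</script>").decode()
SAMPLE_POST = ('<img src="data:image/png;base64,iVBORw0KGgo=">'
               '<iframe src="data:text/html;base64,' + _PAYLOAD + '"></iframe>')
```

Marker matching on the decoded bytes is a detection aid only. A sanitizer for user posts is safer allowing just `http` and `https` URLs on embedding tags and rejecting every other scheme, `data:` included.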
any chance the tumblr app for the kindle fire will resume working?…
anytime soon?
it errors out when you try to post…started about 3 or 4 days ago.

I don’t even think this is a coincidence since there’s so many butts on my dash

not impressed with your anon messages…
i know people are getting the security warning thing so im gonna go ahead and make this post
see that green thing in front of the url??? if you don’t see that on the password reset page, then do not reset your password
i don’t know exactly what is going on but just don’t as a precaution
Warning those who haven’t reset yet!
Heads up everyone!
Went and double-changed it to be on the safe side. Of course, that means I’m just going to forget it here in a few minutes. Sigh.
always good advice…





