23 comments

[ 3.4 ms ] story [ 71.2 ms ] thread
In events like this it is a good idea to avoid sites that have apparently been compromised in case they start serving up malware.
Yep. But living dangerously is so much more fun. runs unpatched Windows Vista in a VM
I discovered it when I tried to reply to a comment. How do you avoid a site when you're one of the first to see it hacked?
You don't. I'm pretty sure they're talking to everyone on HN who's going to come to the comments and then click on the site to check it out.
Esp. if you were running Windows, I would assume. I haven't seen that kind of propagation on non-MS platforms (just my observation).. I'd like to know if a browser on an Ubuntu box would be equally vulnerable - correct me if I am wrong.
To be honest, I don't actually think Windows is more vulnerable these days - it's just that the average user of Windows is more vulnerable because they're less informed. They'll see the elevated permissions prompt (whatever it's called) and just click yes anyway. Similarly, Windows installers will often come bundled with crapware, but if you read what you're doing you can avoid it.
I'd always recommend turning on Click-To-Play for all plugins no matter what your platform. Mac isn't immune from this type of thing, even if Linux is due to obscurity.

Most drive-bys are targeting either old versions of IE, Java, Flash, or rarely Windows Explorer issues in XP.

Chrome is great because it auto-updates regularly, and auto-updates Flash. But even in Chrome I turn on Click-To-Play (since I need to have Java installed, and don't trust Java).

Earliest tweet about it that I could find (with a screenshot): https://twitter.com/eanlz/status/544585861421993984

The overwritten page read:

    Arse security.
    @nidohax - @metapawd
    cue the music
It looks like Ars has the moonshark up for now. Maybe DNS-related?
BTW, @nidohax and @metapawd have no posts on their Twitter accounts. Since they appear to be seeking publicity, lets keep it that way - zero posts on their accounts.
Ars runs on WordPress, yet another WordPress exploit, or even more commonly, yet another WordPress plugin exploit would be even less surprising than DNS.
Ha, wordpress seems so anti ars u_u;
Just saw this. Immediately, left and hoping for a quick recovery. More and more just keep on falling. Is it really that fun to bring down other people? I don't understand it. Truly.
(comment deleted)
It's already back online.