Czech Mapy.cz (part of a big corporation for CZ scale) also has a good one (almost) every year. This year they restricted you from browsing more than 10 km from your location and the map went blank after 9 PM, according to current COVID restrictions here. Obviously, there was a simple way to escape it.
I loved this article, but I'm confused about one thing – if I read it correctly, it seems to connect hacked routers inserting tokens into traffic, and tokens found on hundreds of pages (discovered with a script run by the author). But he wouldn't see these at all, so the same token found by him on many hosts is caused by something different, isn't it?
I think you misunderstood about his scripts; his primary source of data is from acquiring the domain the malicious scripts were hosted on and he wrote scripts to summarize the server logs of his previously malicious CDN.
He knows the script URL and referrer URL of each attempt to invoke the malicious scripts. The URLs of the scripts seem to include the token to configure them to the attacker.
He visited sites in the referrers and looked them up in search only to do tests to convince himself that the pages are clean and the servers aren't conditionally returning the malicious content, etc.
But why would you test that so obviously ('fix typo' but add code)? And they made it clear that they likely had access to the git server (by pushing 'from' different accounts), which (obviously, if that's what is actually happening) can kill their access.
That was my assumption given that they explicitly mentioned zerodium. But so far only the commit itself is public, so until we know more about the attack or the attacker, this is pure speculation. The tweet from zerodium is not clear on whether they received an offer for this vulnerability, unfortunately.
This is the thing - for some things (e.g. searching for tech to use), you care about recency. But for some things you absolutely don't. But the search engines' magic seems to throw this all into one bucket and notice that people are clicking more on the '2021' links. And the consequence of this is SEO optimization done by automatically updating all links to the current year - I searched for something on 1st Jan and already got a bunch of '2021 comparisons'.
It's a common content marketing tactic to update post titles to include "for 2021" a few weeks ahead of the new year. It's a tweak to get it ranking, as every other content marketer is doing the same.