Semalam Nufnang kena godam rupanya...


Patut la nak masuk nuffnang malam semalam tak boleh, ingatkan pasal apa rupanya nuffnang di godam oleh  GaySec . Dah petang baru tahu sebab pepagi tadi kitaorang outting sebab ada pemberitahuan kata bekalan Air dan Elektrik akan terganggu di sini.

Dapat tahu pasal nuffnang kena godam ni pun dari status advertlets kat FB, bila dah dapat sedikit info tu, buka web Nuffnang pulak nak tahu cerita dari pihak nuffnang sendiri .

Pada yang belum baca lagi pasal ni korang boleh baca kat web nuffnang ya.

Kat bawah ni penyataan dari GaySec berkaitan hal ni, kalau korang nak lebih info boleh baca di http://amanz.my .

Assalamualaikum dan selamat sejahtera,

Setelah beberapa hari menyepi, akhirnya kami telah kembali dengan rekaan laman web, sistem dan beberapa fungsi yang baru. Kami akan cuba membantu anda selagi termampu di halaman facebook kami iaitu jika anda mempunyai masalah komputer, tahap keselamatan laman web atau komputer, bahasa pengaturcaraan, atau apa sahaja, kami akan cuba untuk membantu.

Bercerita tentang nuffnang, mungkin di malaysia ini sudah semestinya ramai blogger yang menggunakan laman sesawang nuffnang untuk mendapatkan duit daripada jumlah pelawat, trafik dan pelbagai lagi dengan menggunakan servis pengiklanan daripada nuffnang.com.my.

Hari ini kami bersempatan untuk melawat halaman nuffnang dan kami telah mendapati laman sesawang nuffnang.com.my tidaklah sebegitu selamat. Kami mulai risau jika suatu hari nanti ada seseoarang yang dapat memasuki ke dalam server(pelayan) nuffnang dan manipulasikan antara servis pengiklanan nuffnang untuk melepaskan virus dengan menggunakan iframe dan skrip javascript yang telah tertanam di dalam setiap laman web yang melanggan iklan servis nuffnang. Kami risau jika suatu hari nanti nuffnang akan dijadikan sasaran utama untuk menyebarkan virus yang merebak melalui halaman seperti laman sosial facebook yang dijangkiti virus koobface. Mungkin seseorang itu boleh menggunakan teknik “ActiveX java” untuk menamkan virus seperti stealer(pencuri), rat(remote administration tool) dan pelbagai lagi virus yang boleh menyebabkan sesebuah komputer pelawat itu dijangkiti oleh virus yang telah di tanamkan di dalam halaman skrip javascript nuffnang tersebut.

Kami cuma akan berkongsi sebanyak 34,531 ribu database
yang sedang berada oleh kami sekarang di atas sebab kesalamatan dan perkara yang tidak dapat dielakkan.

Kami cuma mahu memberi kesedaran terhadap sistem admin dan web master itu tentang keselamatan laman web sendiri, sebelum menuduh dan menyalahkan kami, sila gunakan kepandaian atau duit anda untuk mengupah sesiapa sahaja yang memberikan servis “security pentest” di malaysia ini, kami rasa terlalu banyak syarikat yang membuat servis “security pentenst” bagi menyemak dan melakukan pengimbasan terhadap keselamatan sesuatu sistem dan laman sesawang itu.

Oh, sebelum terlupa, mengenai bentuk dan hash kata laluan nuffnang… Nuffnang menggunakan format SHA1(kata laluan biasa + tarikh akaun di daftarkan). Maknanya anda memerlukan tarikh akaun di daftarkan untuk melakukan proses “penukaran” kata laluan daripada SHA1 kepada kata laluan asal.

Anda boleh memuat turun pangkalan database nuffnang daripada sini:
http://www.gaysec.net/files/nuffnang_34531_user.rar

Ni pulak surat cinta dari nuffnang:

Dear Nuffnanger,

Hope this email finds you well! We'd like to ask if you could please spend a few minutes of your time on this very important community announcement.

Yesterday evening on Friday (22nd July), we discovered an illegal and unauthorised intrusion into our network, which was the latest in a series of hacking incidents by a group of individuals who also claim to have targeted Streamyx, CIMB, TV3 and the several other local websites previously. In our case, the hackers claimed to have downloaded a portion of our blogger account information and published the emails of some 30,000 Nuffnang accounts.

The breach has since been fixed, and we’d like to address a few key concerns that you may have.

1. Your password is safe.
As part of the existing security measures, all user passwords in our database have always been protected with one-way encryption. Nevertheless, we still encourage you to change your password (especially if you use the same password for other sites) as a precautionary measure in case the hackers are able to get past the encryption.

2. Blog earnings and payment records are not affected.
Current earnings and payment history for all users are safe and were not compromised in any way.

3. Loading of blogs serving Nuffnang ads is not affected.
At 1.00 am last night, our Tech team took down the website for maintenance and for a few hours, ads were not served. This morning though, everything is up and running again and back to normal. All blogs serving Nuffnang ads loaded as usual and were not affected by the breach.

This security lapse is an isolated incident, as the security of our sites has always been and always will be our utmost priority. It has however opened our eyes on some vulnerabilities we had on our website. In response to that, we will be taking measures to further heighten the security of the Nuffnang framework because from what we understand, that was after all the motivation of the hackers – not to cause any permanent damage, but to highlight vulnerabilities in a system.

To the Nuffnangers who made many attempts to alert us once word got out that the Nuffnang site was hacked, we cannot begin to thank you enough.

To the wonderful Nuffnang community, thank you for standing by us in this time of crisis. Your patience and support is something we are thankful for and will never take for granted. We apologize for any inconvenience caused, and for not being able to prevent this breach. We have put dedicated staff to work on this matter, therefore to address any concerns or questions you may have about this incident, please write in to us at security@nuffnang.com.

Thank you.

Sincerely,
The Nuffnang Team


Nuffnang - Asia Pacific's First Blog Advertising Community

No comments:

Post a Comment