HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 3 MINUTES AGO.
- BREAKING NEWS -
How did North Korea hack into Sony's systems? A US official tells CNN the method was by stealing a system administrator's credentials. More on this story soon.
X

You are here: Home / Network Security / Tumblr Worm Spreads Offensive Post
Tumblr Worm Demonstrates Ongoing IT Security Struggle
Tumblr Worm Demonstrates Ongoing IT Security Struggle
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
03
2012


In an ugly event that demonstrates how easy it still is for hackers to compromise networks, Tumblr was infected with a worm that propagated a racist message to member blogs without their knowledge or permission.

Tumblr is asking bloggers that have witnessed the post on the site to "immediately" log out of any browser they used to access the social media platform. Tumbler actually relied on Twitter to communicate with its base.

The GNAA post also said Tumblr members are not beyond redemption and suggested they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Absolute Filth

A group that goes by the name Gay N***er Association of America, or GNAA, took credit for the racist post. Wikipedia describes the GNAA as "an anti-blogging Internet-trolling organization." The racist post called out Tumblr for propagating the "most f***ing worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating."

The GNAA post also said Tumblr members are not beyond redemption, as long as they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Brad Shimmin, an analyst at Current Analysis, said because the technologies and platforms being used so prevalently today for cloud-based services are both open and familiar -- and because of the level of maturity in the hacker realm -- these breaches tend to pop up regardless of the efforts companies put forth to maintain security.

"Companies don't talk about the efforts that go into subverting threats and avoiding threats and responding to threats for good reason," Shimmin said. "Companies are being attacked all the time. It's literally an ongoing 24/7 effort to secure both the availability of a service and security and privacy of the user data that's housed in that service."

How Hackers Breached Tumblr

So how did the attack happen? Graham Cluley, a senior security consultant at Sophos, said it appeared the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

As Cluley explained it, each affected post had some malicious code embedded inside it. A Base 64 string was encoded in JavaScript, hidden inside an iFrame that was invisible to the naked eye, that dragged content from a URL. Once decoded, he said, the intention of the code becomes more clear.

"If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr," Cluley said.

"It shouldn't have been possible for someone to post such malicious JavaScript into a Tumblr post -- our assumption is that the attackers managed to skirt around Tumblr's defenses by disguising their code through Base 64 encoding and embedding it in a data URI."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
ICANN has been hacked. The nonprofit organization that manages databases of domain names is investigating a system intrusion that compromised its domain name servers.

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.