After a quick investigation, I found that some javascript had been injected into some of the pages of my blog and unfortunately some of my visitors may have been infected. Hopefully they had antivirus software to block the attack. Since I take security very seriously, I outsourced the removal of the injected javascript to Sucuri.net who promptly investigated the issue and has since removed the malware.

The one positive that has come out of this, is that I have now decided to continue with Sucuri’s malware monitoring service to ensure that this type of malware injection doesn’t go unnoticed in the future. Their malware monitoring service now provides as often as hourly monitoring of my sites files and immediate notification if the site was to ever be compromised again.

Apologies to any users who were affected by this attack. We can all learn a lesson from this type of attack as they are becoming more widely spread particularly with popular platforms like WordPress.

Here is an example of what you might receive in the email.

Microsoft Security Bulletin MS06-8447
Cumulative Security Update for Internet Explorer (6063139273)
Published: September 9, 2007

Version: 2.0
Summary

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Internet Explorer for Microsoft Windows XP Service Pack 2 – Download the update <– THIS IS THE VIRUS LINK

Revisions:

V1.0 (September 9, 2007): Bulletin published

Further information about Microsoft security can be read at http://www.microsoft.com/protect/yourself/phishing/msemail.mspx

To add fuel to the fire, I like to have unique passwords for all the sites I visit so coming up with new passwords, writing them down and all that becomes really, really tedious and sometimes you just can’t be bothered to come up with a new password so you end up using a common one alot of the time.

I have been trialling for a month or so now a password manager for Mac however I wasn’t really happy with it, as it was a bit clunky and the company didn’t reply to my email so off I went looking for alternatives.

I found 1passwd.com has written this cool mac password manager and form filler application that integrates into Firefox, and Safari on Mac as well as a range of other browsers. It automatically records your passwords when you enter them in your login forms so you don’t ever have to do it again and all you need to do is remember one password, hence the name.

Download a Trial Version

video from www.1passwd.com

With so many spammers and scammers out there trying to steal your information you need to have a tool that takes the headaches out of your password security and 1passwd does just that, and at only USD$29.95 it’s a steal.

I downloaded the free version and after using it for a few days I went back and bought it for myself. Hope you enjoy it as much as I do.