Pixel Envy

Written by Nick Heer.

A Summary of Today’s Attacks

Mat Honan, for Wired:

Customer service software provider Zendesk announced a security breach that allowed attackers into its system, where they could access data from three customers this week, Wired learned the the clients were Twitter, Pinterest and Tumblr.

More on the Zendesk hack, from their blog:

Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines.

The three customers they’re referring to are, per Honan, Twitter, Pinterest, and Tumblr. The email addresses are probably going to be sold online to some spammer so they can offer you discount Viagra. Thanks, Zendesk.

Meanwhile, if you get your news from NBC.com, you might be interested to know that they succumbed to a Java vulnerability:

Brian Krebs, a former Washington Post reporter and well-known internet security expert who writes the blog Krebs on Security, told The Verge that the hackers inserted code into the NBC.com homepage. This caused visiting browsers to load pages from third-party sites that were compromised.

“The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan,” Krebs said. The Zeus is a “sophisticated data theft tool that steals passwords and allows attackers to control machines remotely.”

You may want to seriously reconsider your need to run Java. At the very least, you should be using the Click to Plugin browser extension.