Compromised WordPress Blogs Poison Google Image Searches 87
Orome1 writes "Google Image Search has for some time been littered with images that lure users to compromised sites that serve as doorway pages to other malicious sites. Part of the problem is that these compromised sites often use the WordPress publishing platform, which is infamous for the great number of security bugs that make it such a preferred target. This fact has been proven once again by security researcher Denis Sinegubko, who has pinpointed 4,358 WordPress blogs hijacked by unknown attackers and pumped full of popular search keywords and images, which redirect users to sites that try to scare them into buying a fake AV solution."
Blame PHP. Blame JavaScript. (Score:0, Interesting)
PHP does everything in its power to make safe and secure software development damn near impossible. Add in some JavaScript, and an already bad situation gets much worse. It, too, is a horrible language for writing safe, secure software.
Everything about both of those languages is horrible. The syntax is a shitty imitation of C. The semantics, even for basic things like boolean values and comparisons, are extremely fucked up. Worst of all, they somehow are irresistible to the most awful "programmers" around. Both draw in idiocy, probably because anyone who knows anything about programming sees both as the crap that they are.
Ruby on Rails isn't much better, by the way. Its community is merely more ego-centric, rather than stupidity-centric like the PHP and JavaScript communities.
What did you mean by basically? (Score:4, Interesting)
Basically every web app implemented using PHP and JS will be full of security holes.
Wikipedia is implemented in PHP and JavaScript. If it's been compromised, I haven't heard about it. So I must have misunderstood what you meant by "basically".