Last night, there was a hacking attempt on Xepher.net, the server that hosts this blog and rocr.net. From the Xepher.net homepage:
Server was down for about 3 hours today, as an attack secretly added a small bit of javascript to most webpages here. The script would open a small/unseen iframe that loaded another site with many, many viruses and other malware. At most, this code was in place for 4 hours, and it only affects internet explorer on windows. I've since patched the software that had the hole in it, as well as run a script to remove the exploit code from all the infected pages. There should be no remaining damage. Still, as always, let me know if something's broken or funky.
The hole allowing hackers to put malicious scripts on index pages was in OpenSSL, which ironically is server-side security software, Xepher explains in his forums. People running Opera or Firefox were safe from the malicious scripts, hint hint.
