Originally shared by Jeroen Wiert Pluimers

-
Originally shared by Jeroen Wiert Pluimers

This weekend, the Embarcadero web site was hacked by AnonCoders. Not once (see also G+ link and DelphiPraxis link and image) but at least twice (see also G+ link and image and Delphi Praxis link and image) where the initial hacked simple text “Hacked By…
http://wiert.me/2016/03/14/delphi-disable-or-change-your-welcome-page-to-not-use-the-embarcadero-site-as-that-site-has-been-hacked-twice-this-weekend

Comments

  1. Brian HamiltonMarch 14, 2016 at 10:49 AM

    easier still to just right mouse click and close the welcome screen (ok until the IDE is next restarted I guess)

    ReplyDelete
  2. Jeroen Wiert PluimersMarch 14, 2016 at 10:54 AM

    Brian Hamilton then you are too late if any malicious code has executed.

    ReplyDelete
  3. Darian MillerMarch 14, 2016 at 11:02 AM

    Any official response from Embarcadero anywhere?

    ReplyDelete
  4. A. BouchezMarch 14, 2016 at 11:31 AM

    I always disable the whole Welcome Page packet.

    ReplyDelete
  5. Jeroen Wiert PluimersMarch 14, 2016 at 11:53 AM

    Darian Miller not found it yet.

    ReplyDelete
  6. Ilya SMarch 14, 2016 at 12:36 PM

    Welcome Page plugin by Daniel Wolf is here https://www.danielwolf.eu/blog/2015/1507-delphi-xe8-moderntheme-anpassen

    ReplyDelete
  7. Jeroen Wiert PluimersMarch 14, 2016 at 12:52 PM

    Ilya S if I read the German forum correctly, that's not the most recent version. The most recent version is linked from my English article or from the German forum link in my article.

    ReplyDelete
  8. Daniel WolfMarch 14, 2016 at 1:08 PM

    The most recent version - Seattle only! - can be found in my blog, yesterday I updated the download. Link is the same as before. So the same file can be found in the forums and in the blog.

    ReplyDelete
  9. Ilya SMarch 14, 2016 at 1:40 PM

    Thank you both! Please excuse my ignorance, the link to the different project wuppdiStyler was given. Right links to the wuppdiWP are
    https://www.danielwolf.eu/blog/2015/1653-delphi-xe8-willkommensseite-anpassen
    https://www.danielwolf.eu/blog/2015/1668-meine-vorstellung-einer-willkommens-seite

    ReplyDelete
  10. Darian MillerMarch 14, 2016 at 6:36 PM

    Daniel Wolf is source available?

    ReplyDelete
  11. David HeffernanMarch 15, 2016 at 2:05 AM

    Darian Miller Jim McKeeth has posted a couple of comments on the following threads:

    https://plus.google.com/103246155735524926641/posts/S8NMDPnF1Nu

    https://plus.google.com/+RickWheeler75/posts/c2NEWBqkvRs

    That's as closes as I have seen to an official response. These comments do nothing to allay my concerns.

    ReplyDelete
  12. Darian MillerMarch 15, 2016 at 7:43 AM

    David Heffernan Thanks for the links.. I responded to Jim on one of those.  If his response is all we are getting as an official response...then that's just ridiculous.

    ReplyDelete
  13. Ilya SMarch 16, 2016 at 3:16 AM

    WhatIf same https://labsblog.f-secure.com/2016/03/15/lenovo-startpage-pushed-angler/ would be done with Embarcadero web site?

    Isn't it nice that embedded IWebBrowser2 would not get IHttpSecurity.OnSecurityProblem request if you don't "navigate to about:blank" first? https://marc.durdin.net/2016/03/dont-forget-to-navigate-to-aboutblank-when-embedding-iwebbrowser2/ via Marc Durdin

    ReplyDelete
  14. Jeroen Wiert PluimersMarch 16, 2016 at 10:55 AM

    After I explained the security vulnerability to a client, they immediately disabled the welcome page package. They were startled about not having received a statement from Embarcadero by email.

    ReplyDelete
  15. Darian MillerMarch 16, 2016 at 1:26 PM

    Jeroen Wiert Pluimers  Any theory on why wouldn't they send out notification?  I have to assume that one is "coming soon" and they are just gathering data.  It comes across as negligent not to perform some sort of public informative action and follow up with some sort of corresponding corrective/preventative action. Jim McKeeth forwarded my questions about the incident to Brandon Shopp yesterday morning.  No response yet.    Perhaps some discussion could be had on the possible negative ramifications that could result in a compromised welcome page.  What damage could possibly be inflicted if running the IDE as an Admin and a malicious entity was in control of the content being displayed?  I'm assuming these hackers didn't realize they had a front door into a million+ desktops through this welcome page entry point.

    ReplyDelete
  16. David HeffernanMarch 16, 2016 at 2:29 PM

    Jim McKeeth  said that his posts here on G+ were the official announcement.

    ReplyDelete
  17. Darian MillerMarch 16, 2016 at 2:45 PM

    David Heffernan I completely reject his logic.  Your website can't get hacked twice in a weekend and some simple comment on a G+ conversation seen by very few cannot possibly serve as official announcement.

    ReplyDelete
  18. Robert Horbury-SmithMarch 16, 2016 at 2:51 PM

    Darian Miller Not Jim's fault. I'm sure he would be following instructions.

    ReplyDelete
  19. Darian MillerMarch 16, 2016 at 3:08 PM

    Robert Horbury-Smith I don't care who's fault it is and I'm not blaming Jim.  I simply expect a proper response and I reject their current approach.  I'll be more vocal as time goes on.

    ReplyDelete
  20. Robert Horbury-SmithMarch 16, 2016 at 11:28 PM

    Darian Miller Darian, I agree with you. What I should have said is that we should be hearing from the "Decision Makers". NOT the poor dudes left holding the can.

    ReplyDelete
  21. Jim McKeethApril 4, 2016 at 11:27 AM

    FYI: Future versions will no longer have the banner pulled from the website on the start page.

    ReplyDelete

Post a Comment