Millions of sites are managed and updated using Drupal
Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software.
The sites use Drupal to manage web content and images, text and video.
Drupal has issued a security warning saying users who did not apply a patch for a recently discovered bug should "assume" they have been hacked.
It said automated attacks took advantage of the bug and can let attackers take control of a site.
'Shocking' statement
In its "highly critical" announcement, Drupal's security team said anyone who did not take action within seven hours of the bug being discovered on 15 October should "should proceed under the assumption" that their site was compromised.....
...."Attackers may have copied all data out of your site and could use it maliciously," said the notice. "There may be no trace of the attack." It also provided a link to advice that would help sites recover from being compromised.
Mark Stockley, an analyst at security firm Sophos, said the warning was "shocking".
http://www.bbc.com/news/technology-29846539
Some of you may recall that The Oil Drum was/is a Drupal site. While supposedly 'mothballed', it's still open to view articles and comments from when it was active.
My question is; how long can the internet and our vast interconnected systems; banking/finance, energy systems, JIT inventory systems, pretty much everything, remain viable? It's apparent that the war on information systems is escallating and that systems managers are playing wack-a-mole with the hackers.
We often discuss that energy systems are industrial societies' Achilles' heel, but are we ignoring what is actally the global macro-system's greatest vulnerability? Is NoNet more of a threat than SkyNet?