WigWare Ambisonic Plug-ins Update

I’ve updated the PC versions of my 1st order plugins to incorporate a number of bug fixes already present in the Mac versions.  I’ve also optimised the code a little, and improved the near field compensation and distance filtering to be, well, correct and glitch free (not very noticeable in 1st order….2nd order to come!)  Also, these are now compiled using Microsoft Visual Studio as Audacity didn’t like Borland Builder compiled versions……

WigWare Ambisonic Panners (PC) (3626 downloads)
WigWare Ambisonic Decoders (PC) (4352 downloads)
WigWare Ambisonic Reverb (PC) (3158 downloads)

Comments/bug reports and general feedback always welcome!

 

Website Hacking Update

It’s taken some time, but as I’m getting a few hits on my website from people searching for information on the malware that was inserted onto my website, I thought I’d make what we’ve found out so far public.

As mentioned already, the malware most obviously installed on the website was reported as Trojan:JS/BlacoleRef.BG and Exploit:Java/CVE-2012-0507.AV.  After cleaning these javascript rogues off my site several times, they kept coming back (the excellent Securi Sitecheck Scanner is an invaluable tool, here!).  The rogue scripts are added to legitimately running javascript files and are picked up straight away by Google Chrome (which I use) and Microsoft Security Essentials (which I use at home).  It was the fact I use Chrome which alerted me to the problem in the first place.

So, how did the hackers get in?  It seems that the security breach was due to Parrallels Plesk Control Panel which the web server my site is hosted on uses as it’s web based interface.  I finally tracked down this information from this excellent website, and it’s an interesting read:

Unmask Parasites Blog

It seems that the Plesk vulnerability was compounded by the fact that the password list in plesk is stored in plain text!!!!!!  This meant that the hackers potentially had access to all the plesk passwords on the server (including ftp etc..)  So, unless all passwords on the server (which may well host multiple sites!) were reset, the hacker could get back in and read all the passwords again!  One interesting addition, is that we discovered extra scripts in the cgi-bin directory of websites on the server which seem to be similar to other distributed denial of service attack type scripts.

Anyway, now Plesk is patched and upgraded and all the passwords on the server have been reset, normal service should resume!