New Zealand Herald website defaced via XSS to promote hacker con
"The New Zealand Herald's website fell victim to a page spoofing stunt earlier today, by hackers wanting to publicise their upcoming Kiwicon security conference in November.
In this case, the spoofing meant the hackers displayed a parody of a Herald article to users, rather than a real one, when surfers called up an article on the future of the internet.
"Metlstorm", one of the organisers of Kiwicon Wellington, says it's comparable to taping a fake article into a printed copy of the Herald, before giving the paper to a reader.
The bogus article was marked clearly as "a joke", he says, and contains "wildly unreasonable comment that no sane person would believe."
He is at pains to explain that the stunt is harmless and wasn't a real hack, in the sense of breaking into any systems.
Web developer Dylan Reeve of Bunker Media in Auckland says the hackers used an XSS, orcross-site scripting, bug to display their own content.
"After the page loads, the XSS bug is used to inject Javascript [a type of web-page programming language] that rewrites the article."
Article Link: http://www.stuff.co.nz/4182914a28.html
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment