News Web Server Security Phishing Database Security Application Server Security Library Vulnerability Archive Secure Development Web Services Pen Test AJAX Application Firewalls
Main -> Internet Security News
TOPIC'S
Advertising
Old News
About
Resume
Contact
FAQ
Irc
Links
Articles
Translate
Interviews
Commentary
Books
Demos
Papers
Downloads
Advisories
Contributions
Security Services
Submit News
Syndicated News


Hosting generously provided by
www.mv.com




Pick Your Language


New Zealand Herald website defaced via XSS to promote hacker con
Posted 08/29/07 by Robert

"The New Zealand Herald's website fell victim to a page spoofing stunt earlier today, by hackers wanting to publicise their upcoming Kiwicon security conference in November.

In this case, the spoofing meant the hackers displayed a parody of a Herald article to users, rather than a real one, when surfers called up an article on the future of the internet.

"Metlstorm", one of the organisers of Kiwicon Wellington, says it's comparable to taping a fake article into a printed copy of the Herald, before giving the paper to a reader.

The bogus article was marked clearly as "a joke", he says, and contains "wildly unreasonable comment that no sane person would believe."

He is at pains to explain that the stunt is harmless and wasn't a real hack, in the sense of breaking into any systems.

Web developer Dylan Reeve of Bunker Media in Auckland says the hackers used an XSS, orcross-site scripting, bug to display their own content.

"After the page loads, the XSS bug is used to inject Javascript [a type of web-page programming language] that rewrites the article."

Article Link: http://www.stuff.co.nz/4182914a28.html
Link to this Story: New Zealand Herald website defaced via XSS to promote hacker con
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed
Discuss this article    Find Related Stories



External Links:
Copyright 2000-2007 Cgisecurity.com.
Providing Web Security news since 2000.
Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape.
Website Security Web Application Security solid state drives ebay cd players camera lens deals buy macbook air not work safe software security canon camera deals


Popular Links By Subject

Sponsored Link (Advertise)


Subscribe to CGISecurity.com



The Web Security Mailing List
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • [WEB SECURITY] Token Kidnapping Win2k3 PoC exploit
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • Re: [WEB SECURITY] NiktoFE, WFuzzFE
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • Re: [WEB SECURITY] Web Hacking Firefox Add-ons Bundled
  • Re: [WEB SECURITY] Interview With Jeremiah Grossman on ClickJacking attack

    • Contact us
    Post News, get linkage!

    Name

    Email or Homepage:

    Subject

    Finish the word below: deadb33f

    Body