New Zealand Herald website defaced via XSS to promote hacker con

"The New Zealand Herald's website fell victim to a page spoofing stunt
earlier today, by hackers wanting to publicise their upcoming Kiwicon
security conference in November.

In this case, the spoofing meant the hackers displayed a
parody of a Herald article to users, rather than a real one, when
surfers called up an article on the future of the internet.

"Metlstorm", one of the organisers of Kiwicon Wellington, says
it's comparable to taping a fake article into a printed copy of the
Herald, before giving the paper to a reader.

The bogus article was marked clearly as "a joke", he says, and
contains "wildly unreasonable comment that no sane person would
believe."

He is at pains to explain that the stunt is harmless and wasn't a real hack, in the sense of breaking into any systems.

Web developer Dylan Reeve of Bunker Media in Auckland says the hackers used an XSS, or cross-site scripting, bug to display their own content.

"After the page loads, the XSS bug is used to inject Javascript
[a type of web-page programming language] that rewrites the article."

Article Link: http://www.stuff.co.nz/4182914a28.html