
USA Today fun with XSS

clpwn.com has found an XSS vulnerability in USA Today and has been having fun with it to *post* fake news stories. First, a description of the group:

"Hardcore WEB HACKING and 0day browser security stuff from wannabe elite hackers TEAM CLPWN..."

Now, about the vuln:

"The underground hacker team CLPWN has exposed a zero-day content injection flaw in the USA Today website, allowing them to control the news content and attack the unwitting users of the popular news portal.

The news of the security breach comes at a time when both Playboy and CNN are reeling from similar “day zero” attacks on their server by the mysterious self-proclaimed “blackhat hackers”, identified only by the acronym CLPWN.

“This so-called black hat clown group appears to be sophisticated, organized and prepared for a sustained attack” said TCN’s resident IT Security and Risk Management consultant, Riocca Dioalo, speaking from a Las Vegas hotel room where he has been based since the recent Black Hat security professionals conference."

I probably shouldn't be posting news about this, but I do find them to be slightly amusing :)

Article Link: http://www.clpwn.com/2007/08/13/blackhat-scare-hackers-take-over-usa-today-website/

