clpwn.com has found an XSS vulnerability in USAToday and has been having fun with it to *post* fake
news stories. First a description of the group
"Hardcore WEB HACKING and 0day browser security stuff from wannabe elite hackers TEAM CLPWN…"
Now about the vuln
"The underground hacker team CLPWN has exposed a zero-day content
injection flaw in the USA Today website, allowing them to control the
news content and attack the unwitting users of the popular news portal.
The news of the security breach comes at a time when both
Playboy and CNN are reeling from similar “day zero” attacks on their
server by the mysterious self-proclaimed “blackhat hackers”, identified
only by the acronym CLPWN.
“This so-called black hat clown group appears to be
sophisticated, organized and prepared for a sustained attack” said
TCN’s resident IT Security and Risk Management consultant, Riocca
Dioalo, speaking from a Las Vegas hotel room where he has been based
since the recent Black Hat security professionals conference."
I probably shouldn't be posting news about this, but I do find them to be slightly amusing 🙂
Article Link: http://www.clpwn.com/2007/08/13/blackhat-scare-hackers-take-over-usa-today-website/
