defacement in the web today

current trends and examples of website defacement *warning: links to mirrors of hacked sites may contain malicious code*

Wednesday, August 02, 2006

Not quite web defacement but still defacement.

Looks like Hezbollah’s Al-Manar television was defaced by Israeli attackers on Monday. While it's not a website they defaced, I would imagine defacing a television broadcast would require quite the amount of work. It isn't yet known for sure what method was used to perform the defacement, but regardless of that fact this shows to what extent Israelis are going in the ongoing Israel-Lebanon conflict.

Monday, July 31, 2006

Yahoo! finance sites victim to attack

In the never-ending stream of major organizations' sites getting hacked, Yahoo! is the current victim. Over the weekend the site was hacked but has recently been fixed. The site normally redirects to but was instead replaced with what you can find here. There were a few subdomains of the finance site hacked as well, but they have the same thing displayed. One strange detail of this attack is that the server was running FreeBSD, which is usually known for being very secure. The attack was reported, by the attackers, to be due to a weakness in a third-party app, but it could possibly have been a configuration error as well.

Friday, July 28, 2006

Look, even more NASA defacements

Seems like the recent defacements of widely known sites are only increasing in frequency. NASA was just defaced, but it looks like it's happened again... maybe they don't take security very seriously. The two sites here (mirror) and there (mirror) have been fixed as of now, so check out the links to the mirrors. The attacks were most definitely politically motivated and are a result of the invasion in Lebanon. It would appear times have hit the point that real-world conflicts have noticeable consequences on the internet as well.

Wednesday, July 26, 2006

Netscape defaced...

Well, in a way. Today Netscape was the victim of one of those notorious XSS attacks. The attack wasn't malicious and only made JavaScript pop-ups that at worst redirected users to Digg. Lucky for Netscape, it could have been much worse and it wasn't. The good part of this is that they have already fixed the problem, which is much faster than sites usually remedy the issues they have. F-Secure has a screenshot on their site if you want to see exactly what it looked like.

Monday, July 24, 2006

some real defacement

Over the weekend there were some actual big name defacements. Both of them are the result of an SQL injection vulnerability. I'm in no way surprised about this, as these issues have been popping up all over the web recently. I hope that the more problems actually arise as a result of SQL injection, the more everyone will look at it as the much more serious problem that it actually is.

The first page hacked was the Microsoft MSN of Singapore (mirror) site, specifically the shopping subdomain. While it happened on Saturday, the hacked page still seems to be up now, which is two days later. Second was a subdomain of the NASA site (mirror). Third was not from an SQL injection but rather a vulnerability in the CMS software, and it was the women page of the Microsoft MSN of Israel (mirror) site.

Two defacements for Microsoft over the same weekend. I'm sure that makes them feel just great about themselves. Maybe they'll get around to securing all their different sites around the world at some point in the near future.

Thursday, July 20, 2006

don't forget cron jobs

Read something rather amusing today, yet it still had a bit of advice. After somebody had their server hacked and used for a phishing site, he of course removed it. Even though he removed it, he got a call the next day about it still being there. Turns out the attacker set up a cron job to recreate the phishing page each day if it does not exist. Luckily he had savvy enough friends to help him find this out, otherwise it may have been an endless amount of headaches for him. Moral of the story: keep an eye on your cron jobs.
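One way to keep that eye on them, as an added example that is not from the original story: a small shell audit that lists every active cron entry on a box and flags the ones that touch the web root. The function names, the sample tree and the `/var/www` web root are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list every active cron entry under ROOT and flag those that
# reference the web root. ROOT may be a mounted disk image or a test tree;
# pass "" for the live system (reading /var/spool/cron needs root).

# cron_files ROOT -> prints the cron files that exist under ROOT
cron_files() {
    for f in "$1/etc/crontab" "$1"/etc/cron.d/* \
             "$1"/var/spool/cron/* "$1"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# audit_cron ROOT WEBROOT -> one line per active entry, prefixed FLAG or ok
audit_cron() {
    cron_files "$1" | while IFS= read -r file; do
        # drop blank lines, comments and VAR=value environment lines
        grep -Ev '^[[:space:]]*(#|$|[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=)' "$file" |
        while IFS= read -r entry; do
            case "$entry" in
                *"$2"*) printf 'FLAG %s: %s\n' "${file#"$1"}" "$entry" ;;
                *)      printf 'ok   %s: %s\n' "${file#"$1"}" "$entry" ;;
            esac
        done
    done
}

# make_sample DIR -> constructed cron tree for the demo (not real data)
make_sample() {
    mkdir -p "$1/etc/cron.d" "$1/var/spool/cron/crontabs"
    printf '%s\n' 'SHELL=/bin/sh' '# system jobs' \
        '17 * * * * root run-parts /etc/cron.hourly' > "$1/etc/crontab"
    printf '%s\n' '0 4 * * * root /usr/sbin/logrotate /etc/logrotate.conf' \
        > "$1/etc/cron.d/logrotate"
    # the kind of entry from the story: puts a page back if it is missing
    printf '%s\n' \
        '0 3 * * * [ -f /var/www/html/login.html ] || cp /tmp/.c/login.html /var/www/html/' \
        > "$1/var/spool/cron/crontabs/www-data"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_cron "$demo_dir" /var/www
rm -rf "$demo_dir"
```

This only covers classic cron locations; `at` jobs and systemd timers are scheduled elsewhere and need their own check.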

Tuesday, July 18, 2006

XSS via proxies

Cross-site scripting is bad enough and causes plenty of problems when implemented in the traditional way. After reading the post and his friend's I realize how horrible the consequences really could be if attacks like this were carried out. Let's hope nothing like these attacks ever becomes widespread.