Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

New Zealand Herald falls victim to XSS prank

The hack caused the site's text to be reversed and photos and graphics to rotate clockwise
  • (IDG News Service)
  • 15 November, 2012 23:41
The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

The New Zealand Herald's website had spinning photos and backward text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

Cross-site scripting is an attack in which a script drawn from another website is allowed to run that shouldn't. In the case of the newspaper, the attack appeared to pull a piece of Javascript from the website of a Los Angeles-based software developer, David Lynch.

Lynch describes himself on his LinkedIn profile as working for deviantART, a social network for artists. He couldn't immediately be reached for comment, but it appears the batch of code, named "eyewonder.js," wasn't specifically intended to target the newspaper website, but rather is a general script designed to manipulate elements on a Web page.

Cross-site scripting, abbreviated as XSS, is one of the most common coding flaws in Web pages but can also have much more dangerous impacts than what visibly affected the New Zealand Herald. An XSS vulnerability can be used to steal data from a website or cause other malicious code to run.

The newspaper, which is owned by APN Holdings NZ Limited, could not immediately be reached for comment.

It may be coincidental, but a hacking conference called Kiwicon is due to kick off tomorrow in Wellington. Kiwicon's blog mentioned the New Zealand Herald's hack on Friday morning, along with two other security-related incidents: a Wi-Fi outage on an airport bus and payment system problems in Wellington.

It's not unheard of for hackers to show off their skills during conferences by attacking infrastructure or even the computers of other conference attendees. Kiwicon runs through Sunday.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: APN
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: security, APN Holdings NZ Limited, Exploits / vulnerabilities
Latest Blog Posts
Whitepapers
  • CISO 2013 Security Insights: A new standard for security leaders
    Insights from the 2013 IBM Chief Information Security Officer Assessment which uncovered a set of leading business, technology and measurement practices that help to address the questions CISO's and security leaders have in managing diverse business concerns, creating mobile security policies and in fully integrating business, risk and security metrics.
    Learn more »
  • Swiss Nuclear Power Plant Improves Business Continuity
    Learn how Kernkraftwerk Leibstadt (KKL), a Swiss nuclear power plant, achieved 95% virtualization with 50% fewer servers in just two months by implementing a Vblock System. The solution ensures that KKL can reliably deliver the continuous electricity supply safely and cost effectively.
    Learn more »
  • PCI DSS v3.0 - Compliance Guide
    Due to a lack of consumer confidence and a subsequent drop in sales, all entities that handle credit cardholder information are being challenged to adopt more effective data protection measures. This paper provides information on available tools to help validate compliance with the latest version of the Payment Card Industry Data Security Standard (PCI DSS).
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments