New Zealand Herald falls victim to XSS prank
- 15 November, 2012 23:41
The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.
The New Zealand Herald's website had spinning photos and backward text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.
Lynch describes himself on his LinkedIn profile as working for deviantART, a social network for artists. He couldn't immediately be reached for comment, but it appears the batch of code, named "eyewonder.js," wasn't specifically intended to target the newspaper website, but rather is a general script designed to manipulate elements on a Web page.
Cross-site scripting, abbreviated as XSS, is one of the most common coding flaws in Web pages but can also have much more dangerous impacts than what visibly affected the New Zealand Herald. An XSS vulnerability can be used to steal data from a website or cause other malicious code to run.
The newspaper, which is owned by APN Holdings NZ Limited, could not immediately be reached for comment.
It may be coincidental, but a hacking conference called Kiwicon is due to kick off tomorrow in Wellington. Kiwicon's blog mentioned the New Zealand Herald's hack on Friday morning, along with two other security-related incidents: a Wi-Fi outage on an airport bus and payment system problems in Wellington.
It's not unheard of for hackers to show off their skills during conferences by attacking infrastructure or even the computers of other conference attendees. Kiwicon runs through Sunday.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- OAIC releases privacy impact assessment guide for consultation
- Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey
- BYOA 'shadow IT' grows in the enterprise: Telsyte
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- How Hunter Water is saving $50k a year in software licences
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Whitepaper: Preventing Data Loss Takes More Than MDM
You need to secure your BYOD devices—but MDM alone isn't enough to prevent data loss. Read this whitepaper—Data Loss Prevention: When MDM Is Not Enough—to learn how to combat MDM shortcomings. See how to add cross-platform security, implement protection policies, and address risks in consumer apps.
Chandler Macleod recruits new user virtualization platform
One of Australasia’s largest and most successful recruitment and human capital management companies share their success story after recruiting a user virtualization platform, giving them control over the users and devices that have access to specific applications.
Best Practices in Data Protection Monitoring
This whitepaper discusses best practice in data protection monitoring, with a focus on recoverability and visibility as significant drivers for success. Whether backing up a private cloud or several smaller environments, learn how a unified view is necessary for proactively reporting protection, compliance to auditors, and understanding overall data protection health, performance, and reliability.