New Zealand Herald falls victim to XSS prank

The hack caused the site's text to be reversed and photos and graphics to rotate clockwise

Jeremy Kirk (IDG News Service)
15 November, 2012 23:41
Comments

The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

View all images

The New Zealand Herald's website had spinning photos and backward text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

Cross-site scripting is an attack in which a script drawn from another website is allowed to run that shouldn't. In the case of the newspaper, the attack appeared to pull a piece of Javascript from the website of a Los Angeles-based software developer, David Lynch.

Lynch describes himself on his LinkedIn profile as working for deviantART, a social network for artists. He couldn't immediately be reached for comment, but it appears the batch of code, named "eyewonder.js," wasn't specifically intended to target the newspaper website, but rather is a general script designed to manipulate elements on a Web page.

Cross-site scripting, abbreviated as XSS, is one of the most common coding flaws in Web pages but can also have much more dangerous impacts than what visibly affected the New Zealand Herald. An XSS vulnerability can be used to steal data from a website or cause other malicious code to run.

The newspaper, which is owned by APN Holdings NZ Limited, could not immediately be reached for comment.

It may be coincidental, but a hacking conference called Kiwicon is due to kick off tomorrow in Wellington. Kiwicon's blog mentioned the New Zealand Herald's hack on Friday morning, along with two other security-related incidents: a Wi-Fi outage on an airport bus and payment system problems in Wellington.

It's not unheard of for hackers to show off their skills during conferences by attacking infrastructure or even the computers of other conference attendees. Kiwicon runs through Sunday.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

"Suggesting that people's "purpose is to get information to flow through the ..."

Why change management doesn’t work
"Darn those pesky laws that get in the way of commercial exploitation ..."

Larry Page wants to see your medical records
"Instead of partitioning the device between corporate and personal data, another approach ..."

Dual-Persona Smartphones Not a BYOD Panacea
"Well that's a nice back-handed compliment isn't it? So now, finally, my ..."

After two-year hiatus, EFF accepts bitcoin donations again
"Actually, both Mobile App developers and CIOs should be blamed for it. ..."

CIOs struggle to deliver timely mobile business apps: survey

Tags: security, APN Holdings NZ Limited, Exploits / vulnerabilities

Latest Blog Posts

Whitepapers

Hybrid IT Service Management: A Requirement for Virtualisation and Cloud Computing
When competition is tough and resources are limited, corporate leaders are depending on growing their existing capabilities in order to grow their business. Information technology can be a unique catalyst for business growth, delivering a competitive advantage when creatively applied to established and emerging problems. Read more on what trends are accelerating the value of IT.

Learn more »
IDC: Delivering Customer Value with Enterprise Flash Deployments
When it comes to flash, “one size does not fit all.” IDC examines recent flash trends in enterprise storage deployments. This includes: highlighting how SSDs are filling in gaps of existing storage systems when coupled with intelligent archiving and automated tiering, the pros and cons of different SSD approaches, and tips to overcome concerns of reliability, manageability and scalability.

Learn more »
Detecting APT Activity with Network Traffic Analysis
Today’s successful targeted attacks use a combination of social engineering, malware, and backdoor activities. This research paper will discuss how advanced detection techniques can be used to identify malware command-and control (C&C) communications related to these attacks, illustrating how even the most high-profile and successful attacks of the past few years could have been discovered.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

FTOS Web Applications DeveloperNSW
FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
FTTechnical Business AnalystNSW
FTSenior Python DeveloperNSW
FTQuality ManagerSA
FTFlash / ActionScript Developer - ContractNSW
FT.NET - Sitecore Developer - Melbourne - PermNSW
FTR&D EngineerSA
FTLead Software EngineerSA

Zones

Featured Whitepapers

IDC: Delivering Customer Value with Enterprise Flash Deployments

When it comes to flash, “one size does not fit all.” IDC examines recent flash trends in enterprise storage deployments. This includes: highlighting how SSDs are filling in gaps of ...

Recent comments

"Suggesting that people's "purpose is to get information to flow through the ..."
Why change management doesn’t work
"Darn those pesky laws that get in the way of commercial exploitation ..."
Larry Page wants to see your medical records
"Instead of partitioning the device between corporate and personal data, another approach ..."
Dual-Persona Smartphones Not a BYOD Panacea
"Well that's a nice back-handed compliment isn't it? So now, finally, my ..."
After two-year hiatus, EFF accepts bitcoin donations again
"Actually, both Mobile App developers and CIOs should be blamed for it. ..."
CIOs struggle to deliver timely mobile business apps: survey

Follow CIO

Market Place

Now out of the office never means out of the loop. Office 365 – your complete office in the cloud.

Switch on The Symantec Business Critical Virtualisation Content Zone

Australian Breakfast Road Show: Enabling Proactive Security for Tomorrow's Business Trends

Deploying mobility worthwhile challenge hear what CIOs have to say.. Read more

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

New Zealand Herald falls victim to XSS prank

Recommended

Where is IT outsourcing heading in 2013?

VMware launches network-savvy cloud service

Tapping into social experience: Tourism Australia

Homeless multinationals and taxing decisions

IT sourcing: in or out?

Avoiding your cloud vendor’s success trap

10 Tips for Dealing with a Bully Boss

5 open source help desk apps to watch

How to define the scope of a project

PMBOK vs PRINCE2 vs Agile project management

CenITex to become service “broker”

Opinion: Why national e-health is not for everyone

Dual-Persona Smartphones Not a BYOD Panacea

Larry Page wants to see your medical records

eBay bids on big data challenge

How Big Data can improve marketing and customer service

Symantec Business Critical Virtualisation Content Zone

BlackBerry Enterprise Service 10 Zone

HP Tech Connect Resource Centre

IDC: Delivering Customer Value with Enterprise Flash Deployments

Enable Flexible Working

NetApp FAS6240 Clustered SAN Champion of Champions

Best Practices for ERP Implementation

Legal Compliance in Electronic Record Keeping