The UK Guardian has the lowdown on how LulzSec's primetime hack of the UK Sun went down. It happened in two phases: one was finding an exploit in the "contact us" section. The other was the discovery of a retired server.
The email vulnerability is thought to have been discovered by LulzSec hackers as early as 2009. That gave them access to large swaths of the Sun's email database. Then there's the discovery of the server:
The hacker used that and then ran a "local file inclusion" program to gain access to the server – meaning they had extensive control over it.
That then gave them access across large parts of the News International network, possibly including the archived emails, and to the Sun's "content management system" (CMS) – which formats news onto pages. That will have included the code for the "breaking news" element of the Sun's main webpage; changing the entire content on the page would be too obvious.
By including a line of JavaScript in the "breaking news" element, the hackers were able to ensure that anyone visiting the Sun's home page would, as the ticker was automatically refreshed, be redirected to anywhere that the hackers chose.
Once that happened, the news of the hack went public, which involved redirects to the fake Murdoch death story, as well as the redirect to the LulzSec Twitter. And now News Corp is left to pick up the pieces. [Guardian]