LulzSec does a job on the Sun News (News International)

19 Jul

This morning the Sun newspaper's front page was being redirected to a Twitter account for ‘LulzSec’.
All funny stuff, especially for a group that is supposed to be disbanded.

They seem to have come in via this file (by this I mean the redirect, not how they initially entered the system):

extras.thesun.co.uk/sol/breakingnewspage.html

Part of the contents was replaced with code that redirects to a Twitter account:
[sourcecode]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title> </title>
</head>

<body style="border: 0; margin: 0; padding: 0;">
<script type="text/javascript">parent.location.href= "http://twitter.com/LulzSec";</script>
<!-- TO DO:
Below, pick either "EXAMPLE WITH LINK TO ARTICLE" or "EXAMPLE WITH NO LINK".
Upade "IMAGE" with the URL for the image and "DESCRIPTION" with the alt text.
remove the "<!--" and the -"->" brackets around the one you want to use.

Save and go to:
http://webdevtwo:3000/cgi-bin/wwwsdps.cgi?TYPE=DATE&SCHEME=extrasthesun&AGE=0
and press confirm.

-->

<!--
EXAMPLE WITH LINK TO ARTICLE:
<a href="http://www.thesun.co.uk/sol/homepage/article3664691.ece" target="_top"><img src="IMAGE" alt="DESCRIPTION" /></a>

-->
<!--
EXAMPLE WITH NO LINK:
<img src="IMAGE" alt="DESCRIPTION" />

-->
</body>
</html>
[/sourcecode]

Now, since the Sun newspaper has the “breaking news” column on its front page, as soon as the section code to display the ‘Sun’ column is called via the web browser's layout mechanism, the ‘LulzSec’ redirect is executed, because it is marked as an off-site JavaScript file.

The result is that a partial Sun page is displayed for a split second and is then redirected to the ‘LulzSec’ Twitter account, which you can bet is going to be seeing tens of thousands of hits before the system admins at the Sun spot the problem.
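A content check a site operator could run over static fragments like the one above before or after publishing, as an added example that is not code from this post or from the site: it reports inline scripts that point the parent or top window at a host outside an allowlist. The allowlist, the function names and both sample fragments are assumptions constructed for illustration.

```javascript
// Added example. ALLOWED_HOSTS and both sample fragments are constructed.
const ALLOWED_HOSTS = ["thesun.co.uk"];

// One pass over the markup: HTML comments are consumed whole (markup inside
// them never runs); <script> elements yield their body in capture group 1.
const BLOCK_RE = /<!--[\s\S]*?-->|<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;

// Matches parent.location = "...", top.location.href = '...',
// window.parent.location.replace("..."), top.location.assign("...")
const NAV_RE =
  /\b(?:window\.)?(parent|top)\.location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*["']([^"']+)["']/g;

function isOnSite(target, allowedHosts) {
  let host;
  try {
    host = new URL(target, "http://relative.invalid").hostname.toLowerCase();
  } catch {
    return false; // unparsable target: report it
  }
  if (host === "relative.invalid") return true; // relative URL stays on site
  return allowedHosts.some((h) => host === h || host.endsWith("." + h));
}

function findOffsiteParentRedirects(html, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const block of html.matchAll(BLOCK_RE)) {
    if (block[1] === undefined) continue; // HTML comment, skip
    for (const nav of block[1].matchAll(NAV_RE)) {
      if (!isOnSite(nav[2], allowedHosts)) {
        findings.push({ window: nav[1], target: nav[2] });
      }
    }
  }
  return findings;
}

// Constructed sample mirroring the altered fragment quoted above.
const DEFACED = `<body style="border: 0; margin: 0; padding: 0;">
<script type="text/javascript">parent.location.href= "http://twitter.com/LulzSec";</script>
<!-- <a href="http://www.thesun.co.uk/sol/homepage/article3664691.ece" target="_top"><img src="IMAGE" alt="DESCRIPTION" /></a> -->
</body>`;
// Constructed clean fragment: on-site navigation only.
const CLEAN = `<body><script>top.location.replace("http://www.thesun.co.uk/sol/homepage/");</script></body>`;

console.log(findOffsiteParentRedirects(DEFACED));
console.log(findOffsiteParentRedirects(CLEAN));
```

If the fragment is embedded through an iframe (an assumption; the post does not show the embedding markup), a `sandbox` attribute without `allow-top-navigation` stops framed script from navigating the parent page.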

A number of visitors to the Sun website pointed out that they were not redirected. This was because their web browser just so happened to have a cached copy of the file that ‘LulzSec’ managed to insert the wedge into; as a result, their web browser used the local copy of the file rather than the pwned one.
Anyway, that is something to remember for next time: ensure the hack flushes any cached copies on the user's browser.

Check out this link, to see a couple of real pros discussing the issues:
http://www.youtube.com/watch?v=DG7IURgryjA

The frightening thing is that here we have a couple of news reporters and they do not even know the names of the current major hacking groups.
Maybe these guys shown in the video were the system admins at the Sun?

 
 
