Category ArchiveDefacements
Filed under: Defacements, Exploits, Hacktivism
posted by D1m on 05 Apr 2008
Jun 2007 – Feb 2008 U.S. Gov Website Defacements + Commentary
Below is a list of US governmental websites which were defaced by crackers – or elite hackers as the media would say – since 26th of June 07 until late February 2008. It is quite interesting to know that most of the security vulnerabilities affecting the following *.gov websites are known for some years now.
Filed under: Defacements, Hacktivism, Penetration Testing, Personal Opinions, Security Articles
posted by D1m on 09 Aug 2007
How Crackers Deface Websites? Why They Do It?
Through the following post I am not purposing to influence you to start defacing, but to briefly give you a better understanding of how and why it is done.
Almost everyday I visit Zone-H’s archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web servers. The domain suffix of the defaced websites was *.gov. Does this fact means that they are totally secure? I don’t think so… Obviously the web servers may host very confidential data. In this case the web server administrators seemed to have allowed threats against governmental assets. Any unwanted consequences that a breach of security can lead to, are mainly caused by the irresponsibility and lazyness of system administrators and web developers.
Filed under: Defacements, Security News, XSS
posted by D1m on 06 Mar 2007
XSSed.com: What, Who, Why?
The goals of XSSed.com are to provide informative resources on cross-site scripting(XSS) vulnerabilities and exploitation methodologies, and to archive XSS vulnerable websites for statistic purposes. Mirroring websites is a way to prove to vendors and webmasters that the vulnerability really existed – in case of denial. Users will become more aware on protecting themselves on some websites, as XSS vulnerabilities are mostly targeting the users and not the websites.
XSSed.com is also an attempt to spread education and awareness about XSS to IT professionals and amateurs involved or interested in secure web application development.
Filed under: Defacements, Hacktivism, Personal Opinions, Security News
posted by D1m on 22 Feb 2007
High-Profiled Websites Getting Hacked And Defaced
Everyday, the security of many high-profiled governmental, military, educational and corporate websites, is broken into by crackers who deface them. Although some defacers protest against wars and other just send greets to their cyberdudes, I believe that their true motive is to get to the top of the lead in “special” defacements. The defacers don’t want to admit this as the real reason for their attacks.
Filed under: Defacements, Exploits, Personal Opinions, Security News
posted by D1m on 01 Feb 2007
MSN.co.uk Money Related Websites Hacked And Defaced
Two websites belonging to MSN (Microsoft Network) in the United Kingdom, were defaced today by an attacker who goes by the nickname “DARK LORD“. It looks like someone who is unethically testing his SQL injection skills, and “feeding” himself with a false sense of pride, just by leaving the message “DARK LORD WAZ HERE”.
No. I am not a defacer psychologist. I am just expressing my personal opinion on the matter, which is this: If a website defacement doesn’t convey a meaningful message, then it is done for selfish reasons.
A bit of an embarassment for Microsoft’s sysadmins…