New Zealand Herald falls victim to XSS prank

The hack caused the site's text to be reversed and photos and graphics to rotate clockwise

The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

The New Zealand Herald's website had spinning photos and backward text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

Cross-site scripting is an attack in which a script drawn from another website is allowed to run that shouldn't. In the case of the newspaper, the attack appeared to pull a piece of Javascript from the website of a Los Angeles-based software developer, David Lynch.

Lynch describes himself on his LinkedIn profile as working for deviantART, a social network for artists. He couldn't immediately be reached for comment, but it appears the batch of code, named "eyewonder.js," wasn't specifically intended to target the newspaper website, but rather is a general script designed to manipulate elements on a Web page.

Cross-site scripting, abbreviated as XSS, is one of the most common coding flaws in Web pages but can also have much more dangerous impacts than what visibly affected the New Zealand Herald. An XSS vulnerability can be used to steal data from a website or cause other malicious code to run.

The newspaper, which is owned by APN Holdings NZ Limited, could not immediately be reached for comment.

It may be coincidental, but a hacking conference called Kiwicon is due to kick off tomorrow in Wellington. Kiwicon's blog mentioned the New Zealand Herald's hack on Friday morning, along with two other security-related incidents: a Wi-Fi outage on an airport bus and payment system problems in Wellington.

It's not unheard of for hackers to show off their skills during conferences by attacking infrastructure or even the computers of other conference attendees. Kiwicon runs through Sunday.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

CHANNEL CHOICE: Vote Now for your favourite in the three categories: Vendor, Distributor and Reseller. Voting closes August 8.

Tags securityAPN Holdings NZ LimitedExploits / vulnerabilities

More about APN

Comments

Comments are now closed

 

Latest News

01:58PM
Intel appoints new director of Cloud policy and government affairs
11:17AM
EXCLUSIVE: Dave Rosenberg appointed new Westcon A/NZ managing director
12:19PM
Citrix and Fujitsu eye A/NZ mobility market together
11:58AM
Achieva promises it won’t step on resellers’ heels in becoming a value-added dis...
More News
29 Jul
SplunkLive!; Canberra
05 Aug
Systems Technology Day - Build Your Own Private Cloud
06 Aug
Oracle Employee Experience Journey Mapping Workshops
20 Aug
Westcon Group Imagine 2014 - Melbourne
View all events