New Zealand Herald falls victim to XSS prank

The hack caused the site's text to be reversed and photos and graphics to rotate clockwise

Jeremy Kirk (IDG News Service)
15 November, 2012 23:41
Comments

The New Zealand Herald's website had spinning photos and backwards text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

View all images

The New Zealand Herald's website had spinning photos and backward text on Friday morning after it evidently was the victim of an amusing cross-site scripting attack.

Cross-site scripting is an attack in which a script drawn from another website is allowed to run that shouldn't. In the case of the newspaper, the attack appeared to pull a piece of Javascript from the website of a Los Angeles-based software developer, David Lynch.

Lynch describes himself on his LinkedIn profile as working for deviantART, a social network for artists. He couldn't immediately be reached for comment, but it appears the batch of code, named "eyewonder.js," wasn't specifically intended to target the newspaper website, but rather is a general script designed to manipulate elements on a Web page.

Cross-site scripting, abbreviated as XSS, is one of the most common coding flaws in Web pages but can also have much more dangerous impacts than what visibly affected the New Zealand Herald. An XSS vulnerability can be used to steal data from a website or cause other malicious code to run.

The newspaper, which is owned by APN Holdings NZ Limited, could not immediately be reached for comment.

It may be coincidental, but a hacking conference called Kiwicon is due to kick off tomorrow in Wellington. Kiwicon's blog mentioned the New Zealand Herald's hack on Friday morning, along with two other security-related incidents: a Wi-Fi outage on an airport bus and payment system problems in Wellington.

It's not unheard of for hackers to show off their skills during conferences by attacking infrastructure or even the computers of other conference attendees. Kiwicon runs through Sunday.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: APN

Comments are now closed.

Share
Share this article1
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"we are so very blessed to be living in such very exciting ..."

Titan falls: Today's top supercomputer is owned by China, powered by Intel
"Hi Mr.B Thanks for your comment, Bonding 4 X Wireless NBN connections, ..."

Armidale hosts fastest wireless NBN in Australia: Fusion Broadband
"Hilarious! Four simultaneous NBN wireless services is faster than one NBN wireless ..."

Armidale hosts fastest wireless NBN in Australia: Fusion Broadband
"Of course you could bond many ADSL broadband connections together for a ..."

Armidale hosts fastest wireless NBN in Australia: Fusion Broadband
"What would be their speed be without the NBN. It could be ..."

Armidale hosts fastest wireless NBN in Australia: Fusion Broadband

Tags: security, APN Holdings NZ Limited, Exploits / vulnerabilities

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Featured Resources

Virtualization and Consolidation Solutions

Both a challenge and solution are presented here for deploying equipment offsite in co-location sites or the cloud.

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

ACA Pacific

NovaStor NovaBackup Solutions. Simple, Fast and Reliable Windows Backup Software.

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Latest Jobs