Category: Application Security

TechCrunched – TechCrunch the Victim of a Defacement

TechCrunched – TechCrunch the Victim of a Defacement

TechCrunch, the popular blog founded by Michael Arrington in 2005 that profiles technology start ups with posts about their products and company news was the victim of a website defacement that has effectively taken the site down for a period of three hours at time of writing. The site initially went down a little after 1 AM EST with a message of “Hi” on the homepage, and for a while seesawed between coming back up, being newly defaced, and showing a “We’ll be back shortly” message.

Baidu.com the Latest Victim of Iranian CyberArmy

Baidu.com the Latest Victim of Iranian CyberArmy

A group called the Iranian Cyber Army has, fresh off the heels of their DNS attack on Twitter last month, hijacked the domain of Chinese search engine Baidu.com.

Example load_file.

Intel Breach Reveals Passport Information

Unu, an active Romanian hacker (see hacker vs. cracker) who largely discloses SQL injection web application vulnerabilities on major sites including recently two Kaspersky international properties and a Wall Street Journal conference site has demonstrated an attack on an Intel web property, http://channeleventsponsors.intel.com/intelwebinar/somepage. This site handles online registrations for channel partner events and that has been demonstrated to have a SQL injection vulnerability that outputs a database table appearing to contain personally identifiable information (PII).

We shall strike if the leader orders: Twitter Struck by Iranian Cyber Army

We shall strike if the leader orders: Twitter Struck by Iranian Cyber Army

At some time around 10pm on Thursday, users going to Twitter.com were served the page below with a banner reading “This site has been hacked by the Iranian Cyber Army”. Also, mowjcamp.org, a site for supporters of Mir-Hossein Mousavi Khameneh a candidate who ran against Mahmoud Ahmadinejad in the 2009 Iranian presidential election, has been serving a similar defacement since at least December 16th and continues to do so. The motive appears to be activism in support of Iran’s current Islamic regime. The attack vector was a bad actor using an id and password assigned to Twitter to log in to the administrative portal of managed DNS service provider Dyn.

MySQL.users table, Malaysia site.

Unu Gets Kaspersky (again)

Unu, a Romanian hacker (he who may enjoy the challenge of breaking into other computers but does no harm) who we’ve talked about on the site before has been busy with his fifth demonstrated SQL Injection vulnerability on the web site of a well known company in the last 30 days. This time he has again targeted Kaspersky Labs, the anti-virus vendor that he previously demonstrated web site vulnerabilities for back on February 7th of this year.

Pentagon Web Site Vulnerabilities Identified

Pentagon Web Site Vulnerabilities Identified

A Romanian hacker has on December 6th identified input validation deficiencies in URL parameter handling leading to security vulnerabilities on a section of the official site of the Pentagon, http://pentagon.afis.osd.mil, the headquarters of the U.S. Department of Defense. The hacker who identifies himself as Ne0h has posted images of the vulnerabilities, which are still active at the time of this blog post, on his blog.

Table of press contact information.

Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com

Unu did identify a Wall Street Journal branded web site that is vulnerable to SQL Injection attacks. But the site is not WSJ.com, is not on the same servers WSJ.com is on, is not a site hosted by Dow Jones-Teleratel but rather a conference site hosted by a WSJ vendor called MAP Digital, Inc..

Pangolin screenshot supposedly demonstrating SQL Injection of Obama web site.

The Barack Obama Donations Site was Hacked…err, no it wasn’t.

This morning a security researcher identified that he was able to carry out a successful SQL Injection attack against donate.barackobama.com, the official campaign donation site of current President Barack Obama, and gain access to credentials such as user names and passwords for persons who have donated to the Obama campaign, as well as administrative user credentials. On his blog he goes on to postulate the further attack possibilities with admin access such as web site defacement, uploading phpshells, and so forth. The problem is that the researcher Unu didn’t find an SQL injection site on donate.barackobama.com, he found one on a calendar application at Roosevelt University. In the process of finding out how that would be possible, a real web site vulnerability on the Obama web site reveals itself.

NSA Career Fair schedule, correct appearance.

NSA.gov Site Defacement

It appears, according to the site defacement archive hosted at Zone-H, that on or around October 5th an NSA web site application was the victim of an SQL injection exploit resulting in a web site defacement. A web application loading a list of recruitment events at colleges was compromised on the careers section of nsa.gov.

ESPN is cornified.

Now I will believe that there are unicorns…

Anyone who looked at ESPN online today (04/27/09) may find themselves agreeing with Mr. Shakespeare. Starting a little after 4pm EST you may have noticed a spike in chatter on Twitter related to ESPN.com. A high profile web site defacement occurred on the sports news web site where the Cornify script was invoked by a Javascript using keystokes known as the Konami code.

Page 2 of 212