Hackers hit New Zealand Herald website
Relevant offers
The New Zealand Herald's website fell victim to a page spoofing stunt earlier today, by hackers wanting to publicise their upcoming Kiwicon security conference in November.
In this case, the spoofing meant the hackers displayed a parody of a Herald article to users, rather than a real one, when surfers called up an article on the future of the internet.
"Metlstorm", one of the organisers of Kiwicon Wellington, says it's comparable to taping a fake article into a printed copy of the Herald, before giving the paper to a reader.
The bogus article was marked clearly as "a joke", he says, and contains "wildly unreasonable comment that no sane person would believe."
He is at pains to explain that the stunt is harmless and wasn't a real hack, in the sense of breaking into any systems.
Web developer Dylan Reeve of Bunker Media in Auckland says the hackers used an XSS, or cross-site scripting, bug to display their own content.
"After the page loads, the XSS bug is used to inject Javascript [a type of web-page programming language] that rewrites the article."
The spoof doesn't work in Internet Explorer 7, but Firefox 2.0 displays the bogus page, Reeve says.
The real page loads when accessed with Internet Explorer 6 too.
"Everything you see in the page is created in the user's web browser," Reeve adds. "Nothing on the Herald server has been changed."
Herald.co.nz's multimedia editor Jeremy Rees said the incident was "a cheap visual stunt, rather than a hack".
"The people who did it did not intrude into our system."
Asked if such a stunt can be dangerous, Reeve says at worst it can trick users into believing they're seeing something on a site that isn't in reality there.
The risk is limited however, according to Reeve, who says the URL or web link address that users follow has to be formatted in a very specific way.
Earlier this month, the Computerworld newspaper, part of Fairfax Business Media, was spoofed in the same way by the Kiwicon hackers.
- © Fairfax NZ News
Sponsored links
Google algorithm measures funny
Second Megaupload co-accused bailed
Review: Kingdoms of Amalur: Reckoning
Protests erupt across Europe against ACTA
Review: Sony HMZ-T1 Personal 3D Viewer
Career destroyed over battle of the planets
NZ police access Facebook evidence
Facebook can alienate people further - study
Brazil files injunction against Twitter
Review: Catherine for Xbox 360
Top selling games in New Zealand
One dead after SH1 crash near Wellington
Driver charged over Allan Hubbard crash
Police find woman's body in Manawatu
Adele's the big winner at Grammys
Proteas expect fiery series against Black Caps
Boxer Richard Tutaki enters guilty plea
Toxic soil fears five years before residents told
Pat Lam still mum on Piri Weepu's Blues role
Qantas grounding 'good for brand'
Seriously ill man found on beach
NZ's best farm land 'already sold off'
Dotcom accused van der Kolk 'flabbergasted'
One dead after SH1 crash near Wellington
Adele's the big winner at Grammys
Body found in Sydney tree identified
Police find woman's body in Manawatu
Woman crushed, friend watched 'helplessly'
Houston died in bathtub - coroner
Tainui leader ousted from board
Second Megaupload co-accused bailed
'Mondayising' could cost $200m
ANZ, Westpac can bank on their brand
