Ad Feedback
BREAKING NEWS
Shooting incident at Tauranga hospital ... More soon
Close

Hackers hit New Zealand Herald website

Stuff.co.nz
Last updated 00:00 29/08/2007
Print
Text Size
PWNED: The NZ Herald's website has been hit by hackers who replaced an article on the future of the internet with a parody promoting an upcoming hackers conference.

Relevant offers

The New Zealand Herald's website fell victim to a page spoofing stunt earlier today, by hackers wanting to publicise their upcoming Kiwicon security conference in November.

In this case, the spoofing meant the hackers displayed a parody of a Herald article to users, rather than a real one, when surfers called up an article on the future of the internet.

"Metlstorm", one of the organisers of Kiwicon Wellington, says it's comparable to taping a fake article into a printed copy of the Herald, before giving the paper to a reader.

The bogus article was marked clearly as "a joke", he says, and contains "wildly unreasonable comment that no sane person would believe."

He is at pains to explain that the stunt is harmless and wasn't a real hack, in the sense of breaking into any systems.

Web developer Dylan Reeve of Bunker Media in Auckland says the hackers used an XSS, or cross-site scripting, bug to display their own content.

"After the page loads, the XSS bug is used to inject Javascript [a type of web-page programming language] that rewrites the article."

The spoof doesn't work in Internet Explorer 7, but Firefox 2.0 displays the bogus page, Reeve says.

The real page loads when accessed with Internet Explorer 6 too.

"Everything you see in the page is created in the user's web browser," Reeve adds. "Nothing on the Herald server has been changed."

Herald.co.nz's multimedia editor Jeremy Rees said the incident was "a cheap visual stunt, rather than a hack".

"The people who did it did not intrude into our system."

Asked if such a stunt can be dangerous, Reeve says at worst it can trick users into believing they're seeing something on a site that isn't in reality there.

The risk is limited however, according to Reeve, who says the URL or web link address that users follow has to be formatted in a very specific way.

Earlier this month, the Computerworld newspaper, part of Fairfax Business Media, was spoofed in the same way by the Kiwicon hackers.

Ad Feedback
Technology Headlines
RSS

Review: Assassin's Creed 2

Review: Left 4 Dead 2

PC Buyer's Guide: Video Cards

Make the web work for you

New hope for Google super-phone

Google PC to start in 7 seconds

Asus top, HP not in reliability study

The top 10 internet moments

YouTube adds auto-captions

Bebo to shut down in Australia - report

Google vies for slice of VoIP

Plenty to watch on internet TV

Aussies map robotic future

AOL to cut one-third of workforce

Ad Feedback
Stuff Headlines
RSS

NSW prepares for more extreme heat

Drunk, unruly police punished

Praying for Ben after explosion

Buy your furniture or we'll sell it, Crown tells ministers

Sting's ghostly encounters

Oprah says ending show 'feels right'

Police officer killed as floods devastate UK

Miley Cyrus tour bus overturns, one dead

Huge European football match-fixing ring exposed

Moro production to move to Australia

Nice Kiwi blokes - shame about the women

Kiwi Kevin Percy claims Harry Potter castle

McCaw to skip three Super 14 matches

Unlocking the counter-attack key for All Blacks

Special offers
Opinion poll

What's your top game of the year?

Uncharted 2: Among Thieves

Batman: Arkham Asylum

Call of Duty: Modern Warfare 2

Left 4 Dead 2

Assassin's Creed 2

Guitar Hero 5

The Beatles: Rock Band

Another game

Vote Result

Related story: Uncharted 2 leads game awards nominations

Featured Promotions