(via F-Secure security blog)
I used to keep track of hacked web sites every day. It was a fun hobby until there were so many hacked sites every day I couldn’t keep up any more. That was over 4 years ago. Still, every once in a while, a major site gets hacked and makes the news. When it happens, I hate being so late finding out about it. Now that I have a site, though, I can at least post about it. That said, check it out:
Netscape.com has been hacked via a persistent Cross-Site Scripting (XSS) vulnerability in their newly launched Digg-like news service. Attackers (who are obviously fans of Digg) have used the XSS vulnerability to inject their own JavaScript code snippets into pages on the website, including the homepage. As of now, it has only been used to display JavaScript alerts with “comical” messages and to redirect visitors to Digg.com!
Check out additional screenshots here and here.
Fortunately no one has tried to inject malicious code… yet.
We’ll finish our draft with more on the potential dangers of XSS for you soon.
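For readers who maintain a similar news-submission site, here is an added example (not from the F-Secure post and not Netscape's code) of why stored submissions end up executing on the front page and how context-aware output encoding stops it. The story fields `title`, `url` and `submitter` and all function names are assumptions made for the illustration.

```javascript
// Added example: rendering user-submitted stories for a Digg-like front page.
// The story shape (title, url, submitter) is assumed, not Netscape's schema.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; any other scheme is replaced with "#".
function safeHref(rawUrl) {
  try {
    const u = new URL(String(rawUrl).trim());
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '#';
  } catch (_) {
    return '#'; // not a parseable absolute URL
  }
}

// Vulnerable: stored fields are concatenated into the page as-is,
// so markup saved by one user is served to every visitor.
function renderStoryUnsafe(story) {
  return `<li><a href="${story.url}">${story.title}</a> by ${story.submitter}</li>`;
}

// Hardened: every stored field is encoded for the context it lands in.
function renderStorySafe(story) {
  return `<li><a href="${escapeHtml(safeHref(story.url))}">${escapeHtml(story.title)}</a>` +
         ` by ${escapeHtml(story.submitter)}</li>`;
}

// Constructed sample submissions (not taken from the incident).
const stories = [
  { title: 'Browser news', url: 'https://example.com/a?x=1&y=2', submitter: 'alice' },
  { title: '<script>alert("hi")</script>', url: 'javascript:alert(1)', submitter: 'bob"><b>' },
];

function renderFrontPage(render) {
  return `<ul>${stories.map(render).join('')}</ul>`;
}

console.log(renderFrontPage(renderStoryUnsafe)); // script tag reaches the page intact
console.log(renderFrontPage(renderStorySafe));   // same data rendered as inert text
```

Encoding at output time matters because the data is already stored: filtering only at submission leaves every previously saved story unprotected.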