High-profile New Zealand websites hacked
Microsoft's main site was defaced, together with the sites for MSN, Windows Live, Hotmail and MSDN.
The sites have been defaced with political messages such as 'Stop the war Israel' and the hackers' online nicknames. At this stage, it is not known if any user data, such as Hotmail emails, was compromised by the hackers.
A Microsoft New Zealand spokesperson referred media queries about the attack to MSN's PR agency, but offered no further comment. The hacked copies of the sites are being mirrored at Zone-H.
An industry source who made ZDNet.com.au aware of the hacks pointed out that all the domains in question were registered via Domainz, a subsidiary of MelbourneIT.
The source believed the hackers were able to inject name server records for the domains in question through Domainz. Looking up the IP address for the injected name server record showed that the system in question is hosted at leaseweb.com in the Netherlands.
Domainz, however, said it did not yet know how the hack was done, but a manager told ZDNet.com.au that the company was aware of the attacks and was looking into them. The manager was not aware of how many domains had been compromised by the hackers.
The article was originally posted on ZDNet Australia.
Talkback
-
I'm sorry, there must be some mistake, Domainz runs on Apache/Linux.
I've been led to believe that only IIS gets hacked and that *nix is immune to all hacking. Either this article is wrong or Netcraft is wrong. Which is your pleasure?
NonZealot 21st Apr 2009 -
The information available
actually hints at an application-level
vulnerability. There's no SQL to inject at
either IIS or Apache.
SQL injection vulnerabilities are most common
in PHP and old-style ASP (i.e. not ASP.NET)
applications. Especially PHP with variable
interpolation and an early culture of not
supporting parameters in db libraries is a
liability. So much so that several products
based upon made their vendors make the
top 10 list of most vulnerable vendors.
Both PHP and old-style ASP still make it a
pain to use parameterized statements compared
to synthesized (and often vulnerable)
statements. Thus luring incompetent and
amateurish developers down the wrong path.
honeymonster 21st Apr 2009 -
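Added example, not part of the original thread and not code from any site named in the article: the contrast the comment above draws between synthesized and parameterized statements, written in Python with the standard sqlite3 module (rather than PHP or ASP) so that it runs offline. The table of name server records, the function names and the input string are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a hypothetical table of name server records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ns_records (domain TEXT, owner TEXT, nameserver TEXT)")
    db.executemany("INSERT INTO ns_records VALUES (?, ?, ?)", [
        ("alice-shop.example", "alice", "ns1.registrar.example"),
        ("bob-mail.example", "bob", "ns1.registrar.example"),
    ])
    return db

def update_ns_synthesized(db, owner, domain, nameserver):
    # Vulnerable: the statement is built by string interpolation, so a quote
    # character in the input becomes part of the SQL text itself.
    sql = ("UPDATE ns_records SET nameserver = '%s' "
           "WHERE owner = '%s' AND domain = '%s'" % (nameserver, owner, domain))
    return db.execute(sql).rowcount

def update_ns_parameterized(db, owner, domain, nameserver):
    # Hardened: the SQL text is fixed and the values are bound as data.
    sql = "UPDATE ns_records SET nameserver = ? WHERE owner = ? AND domain = ?"
    return db.execute(sql, (nameserver, owner, domain)).rowcount

def nameservers(db):
    return dict(db.execute("SELECT domain, nameserver FROM ns_records"))

# Constructed input: a quote plus a comment marker cuts off the WHERE clause
# in the synthesized statement, so the ownership check never runs.
CRAFTED = "ns.unexpected.example' --"

def demo():
    """Run the same request through both functions on fresh copies of the data."""
    results = {}
    for name, fn in (("synthesized", update_ns_synthesized),
                     ("parameterized", update_ns_parameterized)):
        db = make_db()
        rows = fn(db, "alice", "alice-shop.example", CRAFTED)
        results[name] = (rows, nameservers(db))
    return results

if __name__ == "__main__":
    for name, (rows, state) in demo().items():
        print(name, "rows changed:", rows, state)
```

In the synthesized version the single request changes both rows, including the record owned by another account; in the parameterized version it changes one row and the odd string is stored as plain data, where a hostname validation step could then reject it.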
Of course you are right
I'm using ABMer logic back against them. Whenever any problem appears on the Windows platform, there is never any analysis as to what the root cause was, the immediate answer is "Switch to Linux / OS X". The truth is that 99% of the people who get hacked / hit by malware are hit because of something that has nothing to do with the underlying OS and switching will not solve their problems. SQL injection works just as well on Linux / Apache as it does on Windows / IIS.
NonZealot 21st Apr 2009 -
..and they actually appear to run old ASP
which *is* a Microsoft technology.
But as I said above: This was an attack
performed through an SQL injection
vulnerability. It is an application level
vulnerability for which the application
developer is responsible, not the OS or
programming language (although the language can
make it harder or easier to avoid such
vulnerabilities).
honeymonster 21st Apr 2009 -
RE: High-profile New Zealand websites hacked
Had to be a linux fanboy. No one else would commit such a horrible crime and we know what a bunch of ruthless savages linux users can be. Plus this was a targeted attack at Microsoft, and no one hates Microsoft more than linux fanboys.
Loverock Davidson 21st Apr 2009 -
"and no one hates Microsoft more than linux fanboys."
Eh? How 'bout iFanbois?
honeymonster 21st Apr 2009 -
RE: High-profile New Zealand websites hacked
Do these delinquents think that mass vandalism makes people *more* supportive of their "cause"???
BLBdeliver 21st Apr 2009