
Tuesday, March 10, 2009

Telegraph.co.uk Gets Hacked Using SQL Injection - itproportal.com - 9 Mar 09

Another day, another high-profile hack; this time, the website of British newspaper the Telegraph has apparently been compromised by the Romanian whitehat hacking group Hackersblog.

The group, which aims to put online security problems under the spotlight, provides information that is "a security alarm for internet users and those who forget to pass their scripts through a security check."

Using a suite of web application security testing tools that runs on Mozilla's Firefox browser, a Hackersblog blogger by the name of Unu managed to expose users' passwords, as well as their emails, in plain text rather than hashed.

He managed to reach the 700,000th email address, pointing to the fact that this can be a real treasure for spammers. The Telegraph has yet to reply to the serious claims or post a disclaimer.

According to Softpedia, another Romanian tech website, Unu has been responsible for exposing many other vulnerabilities at Kaspersky Labs, Bitdefender and the National Lottery's website.

Hackersblog has been quite busy lately, as they managed to penetrate Symantec's Document download Center section using a SQL injection attack, described as a "blind SQL Injection attack".

Telegraph subscribers are strongly advised to change their passwords, especially if they have been used elsewhere.

If this is right, the Telegraph (and certainly many other news websites) could be in big trouble. Hackers start to turn their unwanted attention to UK online news websites following Hackersblog's disclosure. Should this ethical hacker website be silenced? Certainly not. They act as whistle-blowers, highlighting what amounts to gross negligence by firms which should have known better.
