path: root/published/Webmonkey/Monkey_Bites/2007/08.13.07/Mon/unhack.txt
blob: 80ca4a7518f70a9adac3cae343a6caff1b13589a (plain)
Facebook wasn't the only site with security troubles this weekend. The United Nations website was attacked by "hacktivists," who replaced speeches by Secretary-General Ban Ki-Moon with pacifist messages.

As with the [Facebook code breach][3], the U.N. site left itself open to attack by failing to implement industry-standard security measures. In the case of the U.N., hackers gained access via a well-documented SQL injection flaw: the site passed unescaped strings into its queries, which allowed the attacker to inject their own SQL.

While the site was quickly restored and the injected content removed, Hackademix, a security blog, [captured the attack in some screenshots][1]. Hackademix also [notes][2] that the U.N. site is likely not yet protected against similar attacks in future.

[1]: http://hackademix.net/wp-content/uploads/2007/08/un-ss2.png
[2]: http://hackademix.net/2007/08/12/united-nations-vs-sql-injections
[3]: http://blog.wired.com/monkeybites/2007/08/amatuer-program.html