Tuesday, January 11, 2011
IBM DeveloperWorks site hacked and defaced
IBM DeveloperWorks site hacked and defaced
"You have been Hacked !!!, not because of your stupidity That's because we love you, and we want to warn you That your web still has large of vulnerability."
"You have been Hacked !!!, not because of your stupidity That's because we love you, and we want to warn you That your web still has large of vulnerability."
One security firm, the Oświęcim, Poland-based Ariko Security, claimed on the Full Disclosure list that it contacted IBM seven months prior to this breach to warn the company of the site's vulnerabilities. Ariko employee Maciej Gojny identified a number of techniques that could be used to gain access to DeveloperWorks and a number of other IBM sites, including Cross-Site Scripting (XSS), Directory Traversal and Frame Injection.