Previous post had live links, but here's a report that came later.
https://blogs.independent.co.uk/2011/07/ ... -password/
The Sun has been hacked by Lulzsec
The Sun has been hacked by Lulzsec
Last edited by faceless on Wed Oct 12, 2011 4:58 am, edited 1 time in total.
-
major.tom
- Macho Business Donkey Wrestler
- Posts: 1970
- Joined: Sun Jan 21, 2007 7:07 pm
- Location: BC, Canada
Cheers, Luke.
Hmmm. The Onion it is not.
Rupert Murdoch Acquires Cable
June 18, 1997 | ISSUE 31•21
LOS ANGELES—Media-industry giant Rupert Murdoch made perhaps his most significant move ever Monday, acquiring cable for his L.A.-area mansion for an estimated $35 a month. "This puts me in strong TV-watching position well into the next century," said Murdoch, who, according to a Wall Street Journal report, also paid a $50 hook-up fee as part of the deal. "With some 50 channels now in my possession, my vast media empire cannot be rivaled." Murdoch acquired the stations by using his vast holdings and market influence as leverage against his local cable provider, who, sources say, approved the deal within four to five seconds. Murdoch promised that the cable acquisition will pave the way for "a historic ass-couch merger."
Hmmm. The Onion it is not.
Rupert Murdoch Acquires Cable
June 18, 1997 | ISSUE 31•21
LOS ANGELES—Media-industry giant Rupert Murdoch made perhaps his most significant move ever Monday, acquiring cable for his L.A.-area mansion for an estimated $35 a month. "This puts me in strong TV-watching position well into the next century," said Murdoch, who, according to a Wall Street Journal report, also paid a $50 hook-up fee as part of the deal. "With some 50 channels now in my possession, my vast media empire cannot be rivaled." Murdoch acquired the stations by using his vast holdings and market influence as leverage against his local cable provider, who, sources say, approved the deal within four to five seconds. Murdoch promised that the cable acquisition will pave the way for "a historic ass-couch merger."
hmmm
the only thing annoying me at the minute is how quickly the Cameron/Coulson story was buried.... someone is makin it disappear,,,
[align=center]<object><param name="movie" value="https://www.youtube.com/v/UXrlmVbPxk4?version=3"><param name="allowFullScreen" value="true"><param name="allowScriptAccess" value="always"><embed src="https://www.youtube.com/v/UXrlmVbPxk4?version=3" type="application/x-shockwave-flash" allowfullscreen="true" allowScriptAccess="always" width="640" height="390"></object>[/align]
there's not a mention of this story on any of the main British media sites. The BBC, Sky, The Mirror, The Daily Mail - not a word.
Though it's mentioned on just about every other english speaking media website around the world - and WalesOnline...
All of News International's sites are down with the exception of Sky News. The Times, The Sun, The NOTW and their official site Newsinternational.co.uk
Though it's mentioned on just about every other english speaking media website around the world - and WalesOnline...
All of News International's sites are down with the exception of Sky News. The Times, The Sun, The NOTW and their official site Newsinternational.co.uk
How LulzSec hacked the Sun's website
Weakness in disregarded server was used to gain access to News International systems and then redirect traffic to fake web page, and then to LulzSec's Twitter feed
The LulzSec attack on News International's systems to redirect readers from the Sun to a fake story, and to try to get at its internal email store, appears to have been two-pronged.
Some of the more skilled hackers, including some from the hacker collective Anonymous, had been probing it in detail for about two weeks before the hack. One was to break into its email archive; the other was to hack and "deface" the site itself, by putting up a fake story – the same method LulzSec originally came to attention by doing when it hacked the PBS site to claim that Tupac Shakur was not dead.
However as far back as 2009 a weakness was found in the "Contact us" form of the Sun's site that meant that it could be used to attack the database holding emails for the system.
Some former News International employees' names and mobile phone numbers have been given out on Twitter by people affiliated to the hacker collective Anonymous. However, they are not current: some include people who left the company in 2007. But that also implies that they may have access to email archives dating back to when some phone hacking occurred.
Monday night's hack of the Sun occurred because one of the hackers found a weakness in a "retired" server for the News International "microsites" – used for small or unimportant stories – running Sun's Solaris operating system.
The most likely candidate for that hack – which would use the weakness discovered in 2009 – is the "mailback" page at https://www.new-times.co.uk/cgi-bin/newtimesmailback, which on Tuesday morning had been deactivated, along with the whole of the new-times site.
The server hosted the outdated "new-times.co.uk" site put up when the Times was building its paywall.
The hacker used that and then ran a "local file inclusion" program to gain access to the server – meaning they had extensive control over it.
That then gave them access across large parts of the News International network, possibly including the archived emails, and to the Sun's "content management system" (CMS) – which formats news onto pages. That will have included the code for the "breaking news" element of the Sun's main webpage; changing the entire content on the page would be too obvious.
By including a line of Javascript in the "breaking news" element, the hackers were able to ensure that anyone visiting the Sun's home page would, as the ticker was automatically refreshed, they would be redirected to anywhere that the hackers chose.
Initially they made it redirect to a fake page they had created at new-times.co.uk/sun which attempted to look and read like a Sun story claiming that Rupert Murdoch had been found dead. That page used a template of another story that first appeared on 14 July, suggesting that the hackers either grabbed an archived story or have had access since then.
After the team at News International tried to regain control, the hackers then redirected the main News International page to the Twitter page for LulzSec.
But the problems for the News International team aren't over. A number of email addresses and passwords were being tweeted last night on various feeds – implying that the hackers may have gained access to the email archive and be preparing to release it. If that happens, the effects could be titanic.
https://www.guardian.co.uk/technology/20 ... un-website
Weakness in disregarded server was used to gain access to News International systems and then redirect traffic to fake web page, and then to LulzSec's Twitter feed
The LulzSec attack on News International's systems to redirect readers from the Sun to a fake story, and to try to get at its internal email store, appears to have been two-pronged.
Some of the more skilled hackers, including some from the hacker collective Anonymous, had been probing it in detail for about two weeks before the hack. One was to break into its email archive; the other was to hack and "deface" the site itself, by putting up a fake story – the same method LulzSec originally came to attention by doing when it hacked the PBS site to claim that Tupac Shakur was not dead.
However as far back as 2009 a weakness was found in the "Contact us" form of the Sun's site that meant that it could be used to attack the database holding emails for the system.
Some former News International employees' names and mobile phone numbers have been given out on Twitter by people affiliated to the hacker collective Anonymous. However, they are not current: some include people who left the company in 2007. But that also implies that they may have access to email archives dating back to when some phone hacking occurred.
Monday night's hack of the Sun occurred because one of the hackers found a weakness in a "retired" server for the News International "microsites" – used for small or unimportant stories – running Sun's Solaris operating system.
The most likely candidate for that hack – which would use the weakness discovered in 2009 – is the "mailback" page at https://www.new-times.co.uk/cgi-bin/newtimesmailback, which on Tuesday morning had been deactivated, along with the whole of the new-times site.
The server hosted the outdated "new-times.co.uk" site put up when the Times was building its paywall.
The hacker used that and then ran a "local file inclusion" program to gain access to the server – meaning they had extensive control over it.
That then gave them access across large parts of the News International network, possibly including the archived emails, and to the Sun's "content management system" (CMS) – which formats news onto pages. That will have included the code for the "breaking news" element of the Sun's main webpage; changing the entire content on the page would be too obvious.
By including a line of Javascript in the "breaking news" element, the hackers were able to ensure that anyone visiting the Sun's home page would, as the ticker was automatically refreshed, they would be redirected to anywhere that the hackers chose.
Initially they made it redirect to a fake page they had created at new-times.co.uk/sun which attempted to look and read like a Sun story claiming that Rupert Murdoch had been found dead. That page used a template of another story that first appeared on 14 July, suggesting that the hackers either grabbed an archived story or have had access since then.
After the team at News International tried to regain control, the hackers then redirected the main News International page to the Twitter page for LulzSec.
But the problems for the News International team aren't over. A number of email addresses and passwords were being tweeted last night on various feeds – implying that the hackers may have gained access to the email archive and be preparing to release it. If that happens, the effects could be titanic.
https://www.guardian.co.uk/technology/20 ... un-website
Last edited by faceless on Wed Oct 12, 2011 4:59 am, edited 1 time in total.
