Feeds

Phoenix Mars website invaded by hackers

Take me to your Web-app developer

Secure remote control for conventional and virtual desktops

Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice.

Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read "hacked by VITAL." As if that wasn't enough, members of the self-declared "sql loverz crew" redirected baffled visitors of the Phoenix mission's official webpage and a companion site to a third-party destination. That page gave credit to hackers going by the names BLaSTER and Cr@zy_king.

Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites. Evidently, they had better things to do than vet their scripts for SQL-injection vulnerabilities. So these hackers were willing to step in and test the sites for them.

Not that these sites are by any means alone. Over the past few months, millions of webpages - some belonging to the US Department of Homeland Security, the United Nations and the UK Civil Service - have been hit by similar exploits. The attacks aren't the result of vulnerabilities in the database or web services software provided by Microsoft, Apache and others, but rather in the custom-made web applications built on top of them.

There are no reports that redirected visitors in this latest episode were exposed to links that attempted to silently install malware on their machines. But carrying out such malicious attacks would have been trivial for these hackers. We're wondering how much longer it's going to take the world's web developers to get on top of the SQL-injection epidemic that's sweeping the net.

In the meantime, we'll be hunkering down with the Firefox browser and the NoScript extension. It's not perfect, but in this environment of haphazard web security, it's essential. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.