IBM's DeveloperWorks Website Hacked

Wednesday, January 12, 2011


IBM's DeveloperWorks website was breached by hackers over the weekend, and several pages of the site were defaced with messages from those responsible for the hack.

IBM was quick to repair the site, but copies of the defacements were posted at other sites on the web.

The messages left by the hacker(s) read: "Defaced by Hmei7," and, "You have been Hacked !!!, not because of your stupidity That's because we love you, and we want to warn you That your web still has large of vulnerability."

IBM stated that there were no security concerns arising from the breached website, and that no accounts or user passwords were exposed.

Security firm Ariko Security claims to have warned IBM about flaws on the website months ago, including the risk of iFrame injections, cross-site scripting (XSS), and directory traversal vulnerabilities.

Ironically, IBM researchers had themselves found Document Object Model (DOM) vulnerabilities in the websites of some of the biggest corporations in the world, but apparently they may not have included DeveloperWorks in their survey.

In a survey of the websites belonging to all Fortune 500 listed companies and an additional selection of 175 other businesses, researchers found that nearly fifteen percent contained serious security flaws.

The vulnerabilities leave the sites open to cross-site scripting (XSS) and open redirect exploitations, both favorites of criminal hacking networks.
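The two bug classes named above, open redirects and DOM-based cross-site scripting, are both client-side problems that a site can close with small input-handling changes. The following is an added example written for this page, not code from IBM, DeveloperWorks, Ariko Security or the article's author. It assumes a Node.js or browser runtime with the WHATWG `URL` and `URLSearchParams` classes, and `SITE_ORIGIN` is a constructed placeholder origin. It shows a "next" parameter validated before a redirect is followed, and a fragment-driven greeting rendered both the vulnerable way (raw value into `innerHTML`-style markup) and the hardened way (HTML-encoded first).

```javascript
// Added example, not code from the article or from any party it names:
// defensive handling of open redirects and DOM-based XSS.
// Assumes a Node.js (or browser) runtime with the WHATWG URL classes.
// SITE_ORIGIN is a constructed placeholder, not a real site.

const SITE_ORIGIN = "https://example.test";

// --- Open redirect -------------------------------------------------------
// Vulnerable pattern: location.assign(params.get("next")) with no checks, so a
// crafted link on a trusted domain bounces the visitor to any site.
// Hardened form: resolve the value against our own origin, keep only
// same-origin targets, and hand back a relative path.
function safeRedirectTarget(candidate, fallback = "/") {
  if (typeof candidate !== "string" || candidate.trim() === "") return fallback;
  let url;
  try {
    url = new URL(candidate, SITE_ORIGIN); // relative paths resolve to our origin
  } catch (e) {
    return fallback; // unparsable input
  }
  // "//evil.test", "https://evil.test", "\\evil.test" and "javascript:..."
  // all end up with a foreign or null origin and are rejected here.
  if (url.origin !== SITE_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// --- DOM-based XSS -------------------------------------------------------
// Source: a fragment such as "#name=<payload>" that page script reads from
// location.hash. Sink: innerHTML. The vulnerable renderer interpolates the raw
// value; the hardened one HTML-encodes it (in a live page, assigning to
// textContent instead of innerHTML achieves the same).
function nameFromFragment(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  return params.get("name") || "";
}

function renderGreetingUnsafe(hash) {
  // Vulnerable: any markup in the fragment becomes live DOM at the sink.
  return "<p>Hello, " + nameFromFragment(hash) + "</p>";
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreetingSafe(hash) {
  // Hardened: the untrusted value is encoded, so it renders as text only.
  return "<p>Hello, " + escapeHtml(nameFromFragment(hash)) + "</p>";
}
```

The redirect check relies on the URL parser rather than string prefix tests, which is what defeats protocol-relative (`//host`), backslash and scheme-based bypasses; the XSS fix encodes at the sink, which is the only place the browser's interpretation of the data is known.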

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
