Got Hacked?
This is what the tech folk at RIAA, the “Famous” Recording Industry Association of America, have been facing for the past few days.
Apparently, some geeks found out that RIAA’s main web site is powered by an older version of Exponent Content Management System (CMS). This version of the CMS contains many vulnerabilities, including “SQL Injection”. As soon as this piece of information was released through posts on Reddit, some “happy” people started to “experiment” with the exploit. Eventually, the site was brought down, and some hacker made the site link to popular pirate sites like Pirate Bay.
As we all know, the worst of the worst bugs to have on a publicly served web site is “SQL Injection”, especially if the site’s database stores highly sensitive information. In this case, I doubted that RIAA had anything valuable to anyone.
This all goes back to the hot topic of “Security”. Rule number one: treat every visitor as if he/she is evil. Apparently, to RIAA, only single moms and poor college students who jack a couple of mp3s are evil. As one of the comments on Reddit points out:
I guess that’s the kind of thing you get when you hire more lawyers than programmers.
Of course, RIAA has restored their site. But replacing it with another version of the CMS or a different solution might take a while. So be aware, it will go down again at any moment.
In the meantime, check out the post on Reddit.
RIAA with no Contents

RIAA displaying links to Pirate Bay

Cross Site Scripting Hack


this is cool