Funny thing: The RIAA apparently got hacked. The attackers used an SQL Injection vulnerability to manipulate the database. I never cease to be amazed at how easy it is to find such flaws in web applications.
I have no idea what used to be on the news room page, but an SQL Injection can’t do this. Either someone found something a lot worse (or better, depending on your point of view), or the RIAA did this to themselves.
While I’m writing this, it sounds like a great conspiracy theory. The RIAA hacks itself in order to prove that people who share music are indeed criminals ;).
While I’m at it, this is not the first time that companies enforcing IP, or connected to such companies, got hacked. A group of guys seems to have stolen and leaked emails from MediaDefender, for example. Not quite a hack, but also interesting is the fact that IFPI obviously forgot to renew their domain registration and the pirates gladly took it.
[Update: The RIAA seems to have fixed the issue, so I updated the old links to a screenshot I took while the page was still offline]
Picture of Pirate Eye by Cayusa
January 23, 2008 at 1:32 pm
how to avoid hacks ?????????
January 23, 2008 at 3:25 pm
Amazing, the first comment on this blog ever. Thanks!
So, to answer your question: You’ll never reach 100% security. It’s just not possible. However, as they say that SQL Injection was used to hack the RIAA website, this was a classical web application flaw. While I can’t describe all the programming errors one might make to introduce a vulnerability, what I can do is point you to the OWASP Guide, which is a comprehensive guide on how to build secure web applications. I can really recommend reading it if you want to know more about web application security.
Best Regards,
Cyberphob1a