dcsimg
RealTime IT News

Digg Fans Deface Netscape Site

Web site defacement pranks are nothing new, just ask the webmasters for the MPAA and RIAA. Usually there are motives to the hacks.

The MPAA and RIAA typically get hacked for their strong-arm tactics in dealing with piracy on the Internet.

The latest involves a hack on Netscape.com by fans of the community-driven news aggregator Digg.

There has been more than a little resentment on the part of the Digg community over the new look of Netscape.com, since it looks almost exactly like Digg.

The hack was performed with a persistent cross site scripting vulnerability in the Netscape.com home page.

XSS is a security vulnerability typically found in Web applications in which a hacker can compromise the same origin policy of JavaScript or another scripting language.

Same origin policy prevents a document or script loaded from one "origin," or Web site, from getting or setting properties of a document from a different point of origin.

That way, someone can't hijack Amazon.com and send down malicious JavaScript while you're shopping for books and DVDs.

In this case, the hackers just engaged in a simple prank, making JavaScript alerts pop up with joke messages and redirecting visitors to Digg.com.

Time-Warner, the parent company of Netscape.com, said security of the site was never compromised and that the cross site scripting vulnerability has been fixed.

They aren't too upset about it but they aren't taking the hack lightly, either.

"We obviously take any type of security issue seriously and we're working to insure they don't happen again," said Andrew Weinstein, a spokesman for Time-Warner.

When contacted by internetnews.com for comment, Digg CEO Jay Adelson wrote: "While I'm not familiar with the details, I'm disappointed to hear about this and want to emphasize how strongly I disapprove of this type of activity."

Digg users have been rather vocal in their disapproval of the Netscape.com overhaul, and some users expressed approval of the hack.

"Netscape is getting what they deserve, classic. Hopefully they learn from this and focus their energy on other issues pressing the company... such as future bankruptcy," wrote Digg community member Yaku83.

"I don't condone hacking, but Jason [Calacanis, Netscape's editor] had this coming. You don't steal an idea from a community as big as digg and walk away without pissing somebody off," said Digg user SupaDawg.

But the bulk did not like the activity and felt it made the Digg community look childish.

"This is SO LAME. Since when has hacking a website been good news? Get over it guys, There is no need for this animosity over Netscape's clone of Digg, let them be. We're the leaders in this field, they are the wannabes. WHO CARES," wrote ZaNkY.

Perhaps user tizz66 said it best: "You'd all be spitting fire if a Netscape user had hacked digg. Wouldn't be 'a little prank' then, would it?"