The news website of the Vatican, the official news publication of the Holy See was hacked to call God an onion.
The hacker who discovered the vulnerability is a Belgian who goes by the name of Inti De Ceukelaire. The hacker made a change to a post on the website that falsely stated that Pope Francis had declared God to be an onion.
De Ceukelaire said that he discovered a vulnerability on the Vatican news site, a flaw that allows cross-site scripting (XSS) in which anyone could exploit to publish their fake news
The hacker explained that he didn't want to do what he did. Instead, he told the admin(s) of the website about the unpatched flaw on nine different occasions but yet they failed to act and then he was forced to act.
"I saw the Vatican had a new website a while ago," De Ceukelaire told Zdnet. "Whenever a huge platform launches a news communication platform, I check it out. I want to see what technologies or software they 're using, how they follow design trends and whether they have innovative features. I don't necessarily look for vulnerabilities, but this one was pretty obvious".
Normally, when a security researcher discovers a flaw, they inform the owner of the product or whatever that was involved and then give them time to address the issue. This act is called ethical disclosure.
However, if the vendor fails to patch the issue, the security researcher is then forced to make the discovery public. The negative side of the flaw going public is that the vendor would receive bad press and also lose their customers' trust as many customers would dump their service. As a result of this, the company would be forced to take actions.
De Ceukelaire has been involved in some high profile discoveries. Last September, he made public how to access corporate messages on messaging apps like Yammer and Slack by exploiting publicly-accessible help-desks and bug trackers
In February 2017, he redirected several links in Donald Trump's old tweet to some embarrassing content. He also used the publicly accessible online information to get the contact details of Melania Trump and the used it to invite FLOTUS to his hometown.
0 comments:
Post a Comment