14 DAY TRIAL // An Australian site has been "hacked" by a computer geek. Nothing bad actually happened, but a lot of people started thinking that the web page had been defaced, as it showed a rather political statement. It said that John Howard liked to suck blood in one case, and d*** in another.
This is really funny! Some people will panic a lot thinking that they got hacked when actually only a little cross site scripting is involved.
So, what actually happened is that Brett Soric, a computer whiz, exploited XSS and allowed users to post comments on the (Liberal Party's) website, and make them appear as if they were from officials. He didn't actually do anything bad, only gave them the tools to do "evil". In a ZDNet report, Soric stated that he is innocent and that he did not post those comments, but other users did.
"So far I've been assuming that the police will understand what's happened before trying to find me," said the "hacker" in an e-mail interview for ZDNet. "Someone else posted the "I like to suck d*** [comment]" he continued.
So, even though some have been quite agitated on this matter, there was no real hacking involved. He didn't actually access their servers nor did he modify anything, this was just cross site scripting (XSS) at work.
While employing cross site scripting one could cause a web browser to execute (malicious) code. As Wikipedia explains it, XSS is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. You may find more information here.