back to article Phoenix Mars website invaded by hackers

Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice. Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read "hacked by VITAL." As if that wasn't enough, …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    Regardless of how vulnerable the site was to SQL injection

    it is ultimately the responsibilty of the morons who did this. Leaving my door unlocked may be foolish, but it doesn't make it okay for someone to walk in and wreck my stuff.

  2. Brad

    Come on guys, think bigger

    Hack the freakin lander if you want to show true skillz. Use the arm to carve your tag in the martian soil.

  3. Don

    Brad = WIN!

    I'd love to see Mars get tagged!

  4. Anonymous Coward
    Anonymous Coward

    Here hacker is being used incorrectly

    That is because the terms script kiddie and hacker are being used together; that is an oxymoron.

    And of course there is artistic license, because later we find the crackers are claiming to be hackers; but what do these script kiddies know, they could be claiming to be the love children of Turing and Von Rossum, it does not make it true.

    SQL injection is not hacking, and the security pros are not pros if they have claimed a site to be secure that is vulnerable to SQL injection.

    As to the problem of SQL injection, well if you know your stuff it is not hard to stop it.

    It is only set to get worse though, as more fuzzers start to come online.

  5. Nordrick Framelhammer


    Come on. We are talking script kiddies here. They have no real hacking ability. All they can do is leech of someone elses work then claim the "glory". But, as we all know, they are nothing more than spotty faced, socially challeneged, unlikely to get laid nothings who can only get their jollies by waving their tiny, flaccid e-peens around as though they actually have a skill, instead of using some crap "toolkit" that they downloaded using mummy and daddies credit card and probably ending up with their and their families computers being rootkitted into the bargain.

  6. Gary F

    The answer is...

    Developers should use stored procedures and tell their db server not to server up any other requests apart from SPs. That way it makes it impossible to execute a sql injection attack. (Plus use the usual anti-scripting tactics - never let your guard down.)

  7. Seán

    Bas show

    This isn't some shitbag corporation or filthy governmental oppression centre they're messing with, it's a scientific mission of importance to Humanity. They should tag the site and then send a patch to stop it happening again.

  8. Joseph Helenihi

    Headline, tagline

    "Phoenix Mars website invaded by hackers"

    "Take me to your Web-app developer"

    Funny, good and funny. Another reason to love el Reg.

    As for the script kiddies tagging the Martian soil, it's only a matter of time, right?

  9. Anonymous Coward
    Dead Vulture

    Why publish their tags?

    The script kiddies almost certainly consider this article a bonus. Just miss out their pseudonyms to cancel that out. Better still, publish their true names and addresses.

  10. Never Youmind

    They could have done much more

    Imagine if they had an imagination and spoofed the site with news of a real live alien found on mars.

    Such an opportunity wasted. HGWells they are not.

  11. wobbly1
    Paris Hilton

    @ Anonymous Coward

    Your analogy; ("Leaving my door unlocked may be foolish, but it doesn't make it okay for someone to walk in and wreck my stuff.") doesn't quite work The website is more like a sports centre , it is intended that people visit. This "visit" by the intruders is more like a bloke in cartoon burglar costume wandering around the changing room with a notice saying "How safe is your wallet? i walked through the staff entrance dressed like this unchallenged."

    I wonder if is as vulnerable

    Reduce the chance of a drive by... use NoScript and firefox.

  12. This post has been deleted by a moderator

  13. Richard Bos


    Firefox with Noscript extension... so, that would be Opera clean out of the box, then?


  14. GettinSadda

    Low Imagination

    These kiddies really are poor "hackers" if all they did was tag the site.

    If I had broken into the Phoenix site I would have changed the front page to announce that intelligent life had been found on the surface - then sat back and watched various news services embarrass themselves by publishing the info!

  15. Anonymous Coward


    At the end of the day it's just not right, that's the problem today. Some people do not exhibit any form of self conciousness and feel what they do is OK regardless of how it effects others.

    They should be locked up and dealt with for many years, after several thousand have done this the message should then sink into their little script kiddie brains and act as a deterrent to others.

    Mine's the one with the handcuffs

  16. Geoff Mackenzie

    The answer is

    Taint Mode, obviously.

  17. Anonymous Coward
    Anonymous Coward

    @ Regardless

    AC, I'm afraid Reg readers generally would find that OK. It'd be your fault for leaving your door unlocked, and you'd deserve it. In fact, you shouldn't even be allowed to have a house by their standards. And going by the comments on this particular thread, even if you had secured your house as best you could, anyone breaking in would actually be their hero if he'd hand-crafted some burglary tools instead of picking up a brick someone else had made to break a window. Obviously, that particular window would have to have a dodgy alarm on it or whatever, to pre-empt smartarse comments about it not being totally secure etc. etc. Oh, and the guys here, were they criminally inclined, would of course have produced the materials for the tools themselves blah blah blah ...

  18. ImaGnuber

    @AC re:Regardless

    Brilliant. Bang on.

  19. Anonymous Coward
    Anonymous Coward

    @Low Imagination

    I'd probably of told them that we were now at war with the unknown aliens, create a few fake transcripts - have a real giggle.

  20. Gareth


    "Red is the color of the Martian surface, but it seems it also describes the faces of security pros responsible for the sites"


  21. Anonymous Coward
    Jobs Halo

    Firefox fanboys.

    I fail to see how using NoScript and Firefox could have avoided this "hack".

    The "hackers" themselves would need NoScript installed to prevent themselves from confusing AJAX into injecting SQL.

    Silly Firefox fanboys...

    Get Safari ;)

  22. ImaGnuber

    @AC re:Regardless again

    Had to reread that as it is such a brilliant summary of expected comments.

    Thanks for making me laugh.


  23. Nordrick Framelhammer

    @AC crApple fanboi

    Running a browser that, without asking my permission, downloads files or blindly allows well known iframes hacks and who's designers can't be bothered to actually fix the problem ain't going to hunt.

    But then again, what else do you expect from a company whose product sells pretty much because it is nothing more than eye candy. Why buy Mac when you can get more for less with a PC and Linux?

    And if this browser is so good, why did crApple feel the need to forcibly and fraudulently install it on the computers in a failed attempot to boost it's pathetic 1 to 2% market share. Somewhat ironic since crApple are claiming a 7%+ market share, which means that the vast majority of crApple users are installing Firefox rather than using Safari on it's native platform. Speaks volumes.

    Opera? Why install bloatware? I want a web browser to browse the web, not do email, etc. Bollox to apoplication convergence. They are always a compromise.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019