Fun_People Archive
27 Sep
Webmaster Lets Sites Hack Themselves

Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Sat, 27 Sep 97 14:39:23 -0700
To: Fun_People
Subject: Webmaster Lets Sites Hack Themselves

Forwarded-by: Nichael Lynn Cramer <nichael@sover.net>
Forwarded-by: "Glenn S. Burke" <gsb@harlequin.com>
Forwarded-by: mathew <meta>
From: Wired News <URL:http://www.wired.com/news/news/culture/story/7185.html>:

	Webmaster Lets Sites Hack Themselves
	by Mike Tanner

5:02am  25.Sep.97.PDT When A.H.S. Boy secured the domain graphics.com this
month for a nonprofit Web resource for graphic designers he was building,
it seemed like a real coup for his nascent site. That is, until the address
started logging thousands of hits while it still consisted merely of an
"under construction" marker page. It soon became apparent that the flood of
links was caused by a browser quirk that caused certain kinds of badly-coded
graphics URLs to link to his domain.  Boy seized upon the serendipitous
glitch as an opportunity to passively hack those sites that erroneously
linked to his, loading them with banners featuring subversive slogans.

For the past several weeks, therefore, unwary visitors to sites, including
those for such corporate and political powers as Packard Bell, Corel, and
the government of Hong Kong, have been confronted with graphics telling
them, "You are only a resource for profit" or, "Revolution is the most
beautiful word."

"Of course returning these very subversive graphics that some of these sites
are getting, probably won't make the owners of these sites very happy," says
Boy, who runs sites for a situationist organization, an Austrian arts group,
a bookstore, and his own shareware business off the same server. To show
there's no ill-will intended, however, he puts the URL to his site on all
the banners, and offers a page explaining how to fix the broken links.

Since many webmasters put their graphics files in a folder labeled
"graphics," the "hack" takes advantage of intelligent browsers' default
tendency to interpret "graphics" in badly-coded links as "www.graphics.com."

[...]

--
"It's fixed in R4."
prev [=] prev © 1997 Peter Langston []