Computer Crime Research Center


Hack attempt

Date: November 24, 2007

While investigating a hack attempt, a security researcher from Cambridge University’s computer science department has stumbled on a way to use Google as a password cracker.

When the depatment’s Light Blue Touchpaper Wordpress blog was compromised by a hacker recently, researcher Steven Murdoch decided to do a little detective work to see what methods the hacker had used to get in and snoop around, and if anything had been changed.

What he found was due to an SQL injection weakness in the Wordpress installation, the hacker was able to upgrade his account from a user with comment posting privileges to a full administrator. The account was disabled soon after the initial breach, however, during the clean up Murdoch found himself intrigued by what password the hacker had been using.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo