RIAA Website Wiped Clean by ?Hackers?
Apparently the RIAA is so busy suing consumers that they forgot to hire a decent programmer. With a simple SQL injection, all their propaganda has been successfully wiped from the site.
It started out on a social news website, where a link to a really slow SQL query was posted. While the users were trying to kill the RIAA server, someone allegedly decided to up the ante and wipe the site?s entire database.
The comments are only speculation so far. Based on the username, which was apparently, it might not have been setup correctly, or someone could have found another way to delete the content form the site.
Another possibility is that the website has some sort of database flood protection that disables new connections, or perhaps the RIAA themselves removed the content temporarily. The latter seems unlikely, as a better solution would be to take it entirely offline to fix the bigger problem. While they could fix a small vulnerability like this in a matter of seconds, the chances are it?s not an isolated problem.
As pointed out by Haywire, playing around with the urls a bit can return some funny results. It is pretty easy to make the RIAA link to (torrent site) for example.
For now it sure does look like all the content has been wiped from the RIAA homepage. Let?s hope they have backups, or not.
Update: After a few hours the RIAA restored the site. They seem to have fixed the vulnerability, but we have saved some screenshots.
Update: They didn?t fix it all,
Apparently the RIAA is so busy suing consumers that they forgot to hire a decent programmer. With a simple SQL injection, all their propaganda has been successfully wiped from the site.
It started out on a social news website, where a link to a really slow SQL query was posted. While the users were trying to kill the RIAA server, someone allegedly decided to up the ante and wipe the site?s entire database.
The comments are only speculation so far. Based on the username, which was apparently, it might not have been setup correctly, or someone could have found another way to delete the content form the site.
Another possibility is that the website has some sort of database flood protection that disables new connections, or perhaps the RIAA themselves removed the content temporarily. The latter seems unlikely, as a better solution would be to take it entirely offline to fix the bigger problem. While they could fix a small vulnerability like this in a matter of seconds, the chances are it?s not an isolated problem.
As pointed out by Haywire, playing around with the urls a bit can return some funny results. It is pretty easy to make the RIAA link to (torrent site) for example.
For now it sure does look like all the content has been wiped from the RIAA homepage. Let?s hope they have backups, or not.
Update: After a few hours the RIAA restored the site. They seem to have fixed the vulnerability, but we have saved some screenshots.
Update: They didn?t fix it all,
if for some who might not know who the riaa is?"Big Four" RIAA members
* Sony BMG Music Entertainment
* EMI
* Universal Music Group
* Warner Music Group
there is others as well but those are the main 4
They are known for suing people and trying to bully people into paying them. They sued a lady a few months back for like $275,000.00 for downloading like 23 songs online.
If anyone ever deserved to get hacked its them!
Comment