Problem while researching Hacked Macquarie University Website

[DoubleDee]

Last night I saw an article about how Macquarie University's website was hacked.

So I found a security website that had cached a copy of the hacked website, and I saved the HTML into an HTML file in NetBeans so I could re-create the web page to show others.

In the HTML that I saved, there was this reference to some image on the website...

http://lh6.ggpht.com/Ozkd02BshFn39KGdmy1UV1iGC_duOgzv_qTNsGOr-02QvKVHMKE0aLB8scDTKy63_Ulal7h-sdL0Q0n3iII=s556


I tried right-clicking on the image to save a local copy, but FireFox didn't allow me to do this.

What I would like to know is, "Is it possible that the URL above is to one of the Hackers servers, and thus maybe carried a dangerous payload that I could have somehow picked up while originally viewing the cached website on this intermediary website, or while viewing the page - and images - again from my local copy?!"

I am on a Mac, but nonetheless, I am sort of regretting doing what I did...

Thoughts??

Sincerely,


Debbie

P.S. Here is a partial screen-shot from the code I copied and placed into a local HTML file... (I did this mainly because the original was a few pages, and so there was no easy way to do a "screen-shot"...)

2_MacquarieUniveristyHacked.png

[2ndmouse]

From what I can gather, ggpht.com is an image repository used by Picasa and the like. It can't be opened in a browser directly, chrome returns a 404.

The sub-domains lh6 lh5 lh4 etc appear to represent different world regions, according to some info I found. Anyway, bottom line is, I don't think it's a link to anything nasty.

Check for links to any other remote sites, especially in the javascript, if there is any. That's where any malicious stuff is likely to be.

As a footnote, and at the risk of being bombarded by protesting mac users, I don't think being on a mac offers any more protection against malicious code than being on a pc. Just an opinion, based on something I read a while back.

Regards

[DoubleDee]

From what I can gather, ggpht.com is an image repository used by Picasa and the like. It can't be opened in a browser directly, chrome returns a 404.

The sub-domains lh6 lh5 lh4 etc appear to represent different world regions, according to some info I found. Anyway, bottom line is, I don't think it's a link to anything nasty.

Glad to hear that!

BTW, why can't I right-click and save the two images on that website?

Check for links to any other remote sites, especially in the javascript, if there is any. That's where any malicious stuff is likely to be.

Yeah, that much I know.

As a footnote, and at the risk of being bombarded by protesting mac users, I don't think being on a mac offers any more protection against malicious code than being on a pc. Just an opinion, based on something I read a while back.

Regards

I think Macs are safer, but that doesn't mean they are completely free of weaknesses or people who want to hack them.

Normally I am pretty careful about what I save, but I just found the hacking of that website so - in your face!! - that I wanted to keep a copy for myself and to show others how dumb companies and institutions can really be?!

Sincerely,


Debbie

[2ndmouse]

BTW, why can't I right-click and save the two images on that website?

Right-click is probably disabled in the javascript. Usually, it produces an alert, but there's no reason why the alert can't be removed.

Here's an example

Regards

[DoubleDee]

Right-click is probably disabled in the javascript. Usually, it produces an alert, but there's no reason why the alert can't be removed.

Here's an example

Regards

If that is what they did, then is there an easy way around that?

I actually looked in the HTML, and pasted the URL to the photo, and it still wouldn't let me save the photo...


Debbie

[ralph.m]

is there an easy way around that?

Just disable JS.

[DoubleDee]

Just disable JS.

Duh! Okay, that did the trick.

Thank you!

(Now let's hope the links to those images and the images themselves are not malware?!)


Debbie

[ralph.m]

As far as the image is concerned, I guess you could "save for web", which would probably strip out any nastiness in it ... although I doubt there's any issue with it.

I do find the turning off JS quite funny. I was asked to do a gallery site at one point, and the client was adamant that the pictures had to be protected by one of those JS scripts. She showed me an example site, and it took me less than a second to turn off JS and download the images. Her shoulders sank, and she never asked for this again.

[TechnoBear]

I do find the turning off JS quite funny. I was asked to do a gallery site at one point, and the client was adamant that the pictures had to be protected by one of those JS scripts. She showed me an example site, and it took me less than a second to turn off JS and download the images. Her shoulders sank, and she never asked for this again.

A slightly more realistic approach to the problem is the one used by this site, for example (not one of mine ). The first time you right-click, it brings up a copyright warning message, but once you've closed that, the normal right-click functions are restored.

[ralph.m]

it brings up a copyright warning message ...

I guess that's a better approach, although it doesn't seem people care much these days. Might be better to play on superstitions ... like—"You will be cursed and die in seething agony within the week ... Muahahahaha" sort of thing.

[felgall]

The most effective way I have found for protecting images from being copied via the context menu is to place a transparent image in front of them so that the transparent image is the one that gets copied instead of the real one. By the time they realise they got the wrong images at least some will not bother going back to steal the images a different way - such as by saving the entire page and then copying the images from there.

[ralph.m]

That's a clever idea. I guess it could easily be automated for a gallery site, too, as manually doing it for every image would be tedious.

[DoubleDee]

As far as the image is concerned, I guess you could "save for web", which would probably strip out any nastiness in it ... although I doubt there's any issue with it.

I do find the turning off JS quite funny. I was asked to do a gallery site at one point, and the client was adamant that the pictures had to be protected by one of those JS scripts. She showed me an example site, and it took me less than a second to turn off JS and download the images. Her shoulders sank, and she never asked for this again.

One of several reasons why I haven't incorporated JavaScript into my website (as part of the base design)...


Debbie

[ralph.m]

One of several reasons why I haven't incorporated JavaScript into my website (as part of the base design)...

It should only eve be an enhancement, rather than a dependancy.

[Mittineague]

Similar to turning off javascript, wouldn't an underlying image be right-clck-saveable by turning off CSS?

[ralph.m]

Indeed, just as easy. If the image can be seen, it can be saved ... even if with a screen shot.

[TechnoBear]

Off Topic:

I guess that's a better approach, although it doesn't seem people care much these days. Might be better to play on superstitions ... like—"You will be cursed and die in seething agony within the week ... Muahahahaha" sort of thing.

Or perhaps "right-clicking again will download a virus which will completely wipe and reformat your hard drive".

[ralph.m]

Off Topic:

Or perhaps "right-clicking again will download a virus which will completely wipe and reformat your hard drive".

That's better, of course, because some people would actually believe it.

When I first allowed my router to broadcast a wireless signal, I changed its broadcast name to VirusPortal (or something like that) to dissuade others from trying to use it. In the end, it felt too mean, and I changed it, because I didn't want to freak innocent people who might get worried that their computer was in danger.