Tuesday, June 12, 2007

Sydney Opera House Website Infected

An article in the Sydney Morning Herald yesterday announced that the Sydney Opera House website was hacked last month. The hacker installed a Trojan horse program that infected visitors to the site with code that could potentially capture sensitive information (e.g., bank account usernames/passwords).


For those unfamiliar with the term, a Trojan horse (or simply "Trojan") is a type of malicious computer software (aka "malware") that, like its namesake, disguises itself as a legitimate program and sits silently on a system until activated. A Trojan isn't a virus per se, as a virus infects other files. A Trojan sits in its own file. When a computer accesses an infected website, the Trojan downloads and installs itself and does nasty stuff like steal passwords or render the system vulnerable to an attack. Visitors to the opera house's site who had not applied security updates to their web browsing software (e.g., Internet Explorer) were infected.

The malware was discovered by a good ol' American geek, who notified the SOH information systems folks. The malicious code was promptly removed. The house insisted that no user data (i.e., names and credit card numbers of ticketholders) was stolen.

The moral of this story is: update your software regularly. Internet Explorer, Windows XP, Firefox, even OSX... all of 'em. The only possible excuse you might have is that you're still on a dialup connection and it would take a millennium to download a 50 megabyte file. Even so, you need to try to keep current. Most companies will ship you their latest software patches on CD for a small mailing fee. A corollary to the moral is to use both antivirus and anti-malware software, update it, and scan your system regularly. Anyone on a broadband connection (i.e., cable or DSL) needs to purchase an inexpensive network router or switch to place between their system and the filthy environs of the internet. These boxes contain hardware "firewalls" that drastically reduce your online vulnerability. And, since you asked, your cable or DSL modem doesn't do this.

Consider yourself "geeked" for the day.
