Security information website hacked

A cracker has broken into a leading computer security information website that survives hundreds of attempted hacks every week.

AntiOnline, which has the strapline 'Hackers know the weaknesses in your system, shouldn't you?' and carries security news and information, was defaced on Saturday by a hacker known as n1nor. The hacker replaced the front page of the site with a message boasting about the security flaw he had found.

The site is a well-known target for hackers and publishes the internet address of all hackers who have attempted to crack its defences - hundreds a week - under the heading 'Leave us alone'.

n1nor mocked the owner of the site, John Vranesevich, through the defacement. "I could have sworn this site was deemed unhackable," he said. n1nor also posted a picture of Vranesevich under the heading 'Hackers know the weaknesses in my system, shouldn't I?', mocking the AntiOnline strapline.

Security experts said AntiOnline has good security measures in place, but a weakness had been found in some of its Perl scripting. Chris McNab, network security analyst at MIS Corporate Defence, said: "AntiOnline on paper has a very secure network. One of the scripts has been vulnerable to an exploit. [The hacker has] side-stepped firewall and intrusion detection systems."

n1nor said the exploit did not require much skill. "The lesson inherent in this defacement is that even sites with only a webserver accessible can be penetrated. Determined intruders will scour your website looking for information leaks, dim-witted misconfigurations and insecurities in server-side programs," he said.

Last month, hackers broke into Slashdot.org, another high-profile US technology website.