1. readerOfTeaLeaves

    ‘Hacking’ seems to be the Word of the Day. (See also: News of the World).

  2. Baguda

    It was a real hack…
    When you acced to “Moody’s Research & Ratings” in facebook, you are redirected to that page…
    If you look now on facebook, you won’t find their page because they shutted it down…

  3. Is a real hack

    This was a real hack to Moody’s page.
    I’ve the link, but the comment is doesn’t allow paste full URL, I will try:

    1. bob goodwin

      I could not get the link to work either. As a software architect in the ‘internets’ I feel qualified to offer a couple of comments.

      The screen shot clearly has “moodys.com” in the url. This would not be possible if someone had not manipulated a machine they did not own – either at moody’s, or by embedding scripts unwittingly in an end users browser. I think either of these qualifies as a hack. Although the phrase ‘url trick’ seems to imply that Moody’s servers have not been breached, but I see no proof of that either. manipulating urls within a server farm is no less of a security breach than manipulating web pages or data.

      1. BondsOfSteel

        It appears to be a cross site scripting bug associated with their search functionality.

      2. Stepph

        Bob Said:

        “The screen shot clearly has “moodys.com” in the url. This would not be possible if someone had not manipulated a machine they did not own – either at moody’s, or by embedding scripts unwittingly in an end users browse”

        I disagree.

        You can set up your own DNS server and point http://www.moodys.com to your own, fake web server. We do such things all the time, for legitimate (internal testing) reasons.

        Heck, you can edit your local hosts file and save yourself the trouble. We do this too.

        1. You Dumb Ass

          And you can just write anything you want and take a screenshot you dumb ass.

      3. gatopeich

        Dear “Software Arquitect”, this “URL trick” looks like a special kind of ‘hackless hack’ that has become very popular of late. It does NOT require modification or access to the ‘target’ servers, since all the information is injected in the URL.
        All it requires is a buggy server script that allows a part of the URL to be interpreted as HTML, thus showing whatever the ‘hacker’ wants.
        Such bugs are usually corrected as soon as the ‘hacker’ propagates his victory, since they are of a very simple nature. That’s why you usually only find them in the form of screenshots, which btw are really easy to fake, or eventually in Google’s cache if the URL gets popular as a google search before the bug is corrected.
        So rather than a hack, this is a bug in the server.
        (Not to be confused with SQL injection attacks, which might lead to more serious hacks.)

        Bottom line, looks like there was no security breach.

        Disclaimer: I despise Moody’s and what it represents.

  4. Ethical Cracking

    Fannie Mae’s proprietary underwriting software. Pay Licensed Closed Source.

  5. Yearning to Learn

    are we sure they were hacked?
    looks like typical Moody’s research to me.

    hard to differentiate Moody’s “research” from hacker jokes these days.

  6. Barry

    This was an XSS, and not even a stored XSS at that. I wouldnt really class this as an attack, but meh…

  7. TheBest7

    It was real, it showed up in the News in Portugal – we’re pissed off with Moody’s and many groups are launching stress attacks against them. Mine has over 50.000 people.

    1. Lookcloser

      “it was real, it showed up in the news” ha…ha.
      this is exactly why humanity is totally going the wrong direction. “everything in the news must be true.” don’t forget that it is people like anyone behind the news. with their interpretation and their degree of comprehension. and when it comes to hacking, I personally highly doubt about their good understanding of the why and how. what? there was an expert? don’t worry, they are not all “experts”. thank you for the exhibit…

  8. Sniff

    Whether it is a hack or not, got in the news all over the world and everyone is laughing on them.

    Moody’s and all the other companies like that (who caused the previous economic crysis as well) deserves every grief that people can throw at them.

    I’m not portugal, but feel the same as the people of Portugalia feel nowdays.

  9. Lookcloser

    So many signs -if you zoom a bit- show that it’s a fake. Right now i think i would know how to do it but too lazy to try… it really seems not very complicated…

Comments are closed.