LulzSec is still going strong, and their most recent victim, The Sun, should have seen it coming. I’m not talking about Murdoch’s infamous scandal, although that was really the only reason they attacked The Sun.
LulzSec apparently managed not just to find a password to play around with, but to actually post an article, redirect all users of the site to that article and then, in true form, leak many of their passwords. Surely this was an act of genius. Some little-known underground tricks must have played their part in this, right? As it turns out, The Sun has been vulnerable to attack since at least 2009. What’s more, the vulnerability turned out to be one of the easiest to spot and fix: a cross-site scripting vulnerability. The Sun seemed to be aware of it, but still put that version of the site on an alternate server, a big no-no in the security world.