Hacker exposes security breaches on CNN website

On the heels of recent hacking attacks on government and company websites around the world, a hacker has discovered over the weekend security flaws on the website of 24-hour news channel Cable News Network or CNN. The hacker named "Sec Indi" reportedly found "multiple SQL injection vulnerabilities" on the news network's site, according to a report on The Hacker News. "SQL Injection Vulnerability was the reason for [the] biggest data breaches of 2011, [including] various Sony hacks. [The] hacker said that he [has] informed the CNN admin [several] times, but [the] site is still Vulnerable," the report said. SQL injection is a security breach performed by exploiting the database layer of a certain application that tends to expose hidden data. The report said the hacker has cited two vulnerable links and has posted screenshots of the breach on The Hacker News site. As of 4 a.m. Monday (Manila time), however, the page referred to in both links appear to have been restored to normal. The CNN hack is just the latest in a spate of security breaches targeted at websites of government and large corporations worldwide. The hacker did not disclose if he is part of any of the two hacking groups responsible for recent high-profile security breaches, namely LulzSec and Anonymous. In the Philippines, a similar hacking group called Philker has exposed vulnerabilities in government websites such as that of the Office of the Vice President, the Food and Drugs Administration and the Philippine Nuclear Research Institute. Philker did not say if it is connected with any of the two global hacking groups, but has left notes in defaced websites similar to that of the notes used by Anonymous in their operations. —JMT/VS, GMA News