Blogger.com Hijacked (Briefly)
What looks like a “just because we could” type of hack, Google’s Blogger.com was hijacked through the “Blogger Developer Network Blog” page. The hack allowed anyone administrator status and the priveledges that come with it.
Google was quick to fix a “bug” that enabled the non-malicious hack, a weakness due to the blog’s dual addresses, “code.blogger.com” and “code.blogspot.com.”
The hackers redesigned page, adding a blog title “Downloading99%,” and invited readers to obtain admin status, allowing them to edit or delete posts.
Someone under the alias, “Hamster” posted the original instructions, first with only a greeting, but subsequent posts revealed instructions to users.
Post 2, July 31, 1:47 AM
“All members of this blog = admin, = you can change stuff around here, change the template, delete posts not your own, pls make some +ve changes to this blog, this post will be deleted soon after everyone has joined the blogging team. anyone nothing better to do please change add tagboard..or whatever…and of cos..blog…”
Post 3, July 31, 3:22 AM
“If you are reading this then you = blogging noob, follow instructions. go www.blogspot.com create your blogging account check your email, look for the invitation to this blog and join as a member. once you join you can post on this blog, and edit the blog as you wish, please wait for some member with admin privileges to change your member status from normal to admin too, meanwhile, post some crap like this.”
Flickr was also affected, redesigned to have a matrix feel to it. You can check out the various screen shots below. Thanks to Dirson for breaking the news.