[ISN] Hacker Code Lingered on Home Depot Website

From: InfoSec News <alerts_at_private>
Date: Wed, 12 Jan 2011 02:34:20 -0600 (CST)
http://www.foxnews.com/scitech/2011/01/11/home-depot-website-compromised/

By Jeremy A. Kaplan
FoxNews.com
January 11, 2011

The website for do-it-yourself giant Home Depot has been … well, 
screwed.

An IT analyst has uncovered the lingering remnants of a 2009 breach of 
security on the website of the major retailer: secret code hidden on the 
website that redirected the user's browser to a site that served up 
malware.

"Somebody managed to deface the site and inject that code, so that 
anyone visiting the site would have loaded the malicious code from this 
other site," explained Mike Menefee, founder of security website Infosec 
Island, which discovered the hack.

He stressed that HomeDepot.com isn't presently a threat, nor has it been 
for quite a while. Experts told FoxNews.com that the hack was discovered 
by someone and disabled -- and that's the mysterious part of the whole 
thing. Who leaves malicious code lying in wait -- dormant, disabled and 
inactive on their site?

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Wed Jan 12 2011 - 00:34:20 PST

This archive was generated by hypermail 2.2.0 : Wed Jan 12 2011 - 00:43:24 PST