WHID 2008-17: Hackers' posts on epilepsy forum cause migraines, seizures

Up to now we never registered at WHID an incident that caused physical pain on its victims. Unfortunately, there is always a first. In an attack which gives a whole new dimension to the term "malicious",hackers recently injected to the Epilepsy Foundation's Web site hundreds of pictures and links to pages with rapidly flashing images.

The breach caused severe migraines and near-seizure reactions in some site visitors who viewed the images. People with photosensitive epilepsy can get seizures when they're exposed to flickering images, a response also caused by some video games and cartoons.

The attack method is only described as an exploit of a security hole in the foundation's publishing software. However, the attack looks very much like a variation of the popular iframe injection SQL bots, used for malice rather than profit, hinting that this was an SQL injection attack.

Additional information:

• Hackers' posts on epilepsy forum cause migraines, seizures [AP, May 7 2008]