UN Website
Moderator: General Moderators
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
superdezign roughly got my point.
A website getting hacked isn't all that interesting today. Since this particular hack was politically targeted toward a member of the UN, it's even less interesting.
Unless they came up with some ingenious or novel way to hack the site, it's just another site hacked -- no more interesting than the next --, likely through a slip in site security.
A website getting hacked isn't all that interesting today. Since this particular hack was politically targeted toward a member of the UN, it's even less interesting.
Unless they came up with some ingenious or novel way to hack the site, it's just another site hacked -- no more interesting than the next --, likely through a slip in site security.
What makes it more interesting (to me) is that it was a superb lapse in security judgment. The hackers used SQL Injection to do it. Nothing fancy. But you would think that even the most basic programmers know about SQL Injection and some basic steps to prevent against it. Whoever coded the site didn't even try to prevent against it, and half their site still allows for it.feyd wrote:Unless they came up with some ingenious or novel way to hack the site, it's just another site hacked -- no more interesting than the next --, likely through a slip in site security.
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Makes you wonder how easy it is for a company to act as though they are more experienced than really are when they are being contracted.TheMoose wrote:What makes it more interesting (to me) is that it was a superb lapse in security judgment. The hackers used SQL Injection to do it. Nothing fancy. But you would think that even the most basic programmers know about SQL Injection and some basic steps to prevent against it. Whoever coded the site didn't even try to prevent against it, and half their site still allows for it.
-
malcolmboston
- DevNet Resident
- Posts: 1826
- Joined: Tue Nov 18, 2003 1:09 pm
- Location: Middlesbrough, UK
I could tell you some real horror stories of so called professional companies handing out piece of <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> and charging through the roofsuperdezign wrote: Makes you wonder how easy it is for a company to act as though they are more experienced than really are when they are being contracted.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
This article is a blast, and points out that the UN site has some issues with outdated systems and such...
I personally found it hilarious that a global organization would allows their web site to be put up without every making sure that the site was protected. I mean, seriously, there isn't a developer in all of Earth that help this organization out with some usability and security tests?
I personally found it hilarious that a global organization would allows their web site to be put up without every making sure that the site was protected. I mean, seriously, there isn't a developer in all of Earth that help this organization out with some usability and security tests?