SELaplana: Thoughts on Technology, Entertainment and Society...

United Nation’s Website, Hacked


Hackademix reported that the United Nations' official website was hacked and defaced. The hacker gained access to this high-profile website simply by using a technique called “SQL injection”.

What is SQL injection?

According to Wikipedia, “SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another”. E-Government has a clearer definition: it is the “name for a general class of attacks that can allow nefarious users to retrieve data, alter server settings, or even take over your server if you’re not careful. SQL injection is not a SQL Server problem, but a problem with improperly written applications”.

It’s the kind of attack that my Ka Webspy’s Guestbook experienced in June 2005, and a similar attack was used to hack the Pinoy Bloggers Directory in December 2005.
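The "incorrect escaping of variables embedded in SQL statements" from the definition quoted above, shown as an added example (not code from this post or from any site it mentions). It uses Python's sqlite3 module; the guestbook table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory guestbook with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, message TEXT)")
    conn.executemany(
        "INSERT INTO guestbook (author, message) VALUES (?, ?)",
        [("alice", "Nice site!"), ("bob", "Hello from Manila"), ("O'Brien", "Great post")],
    )
    return conn

def find_unsafe(conn, author):
    # VULNERABLE: the value is pasted into the SQL text, so any quote in it
    # is parsed as SQL syntax rather than as data.
    sql = "SELECT author, message FROM guestbook WHERE author = '" + author + "' ORDER BY id"
    return conn.execute(sql).fetchall()

def find_safe(conn, author):
    # FIXED: the statement text is constant and the driver binds the value
    # separately, so the value cannot change the structure of the query.
    sql = "SELECT author, message FROM guestbook WHERE author = ? ORDER BY id"
    return conn.execute(sql, (author,)).fetchall()

def demo():
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    results = {
        "unsafe_crafted": find_unsafe(conn, crafted),   # WHERE clause becomes always true
        "safe_crafted": find_safe(conn, crafted),       # treated as a literal author name
        "safe_apostrophe": find_safe(conn, "O'Brien"),  # a legitimate name with a quote
    }
    try:
        find_unsafe(conn, "O'Brien")
        results["unsafe_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # Even a harmless apostrophe breaks the concatenated statement.
        results["unsafe_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

A lookup that fails on an ordinary name such as O'Brien is a quick sign during code review or testing that a query is built by string concatenation.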

The United Nations Website’s Hacker

According to the BBC, the attack was called a “cyberprotest”, and the hackers using this name are said to come from Turkey and call themselves “Turkish Defacer”.

As of this writing, these hackers have already attacked many websites.

What’s the lesson?

Well, this simply tells us that we need to be vigilant. Since most of us bloggers use the WordPress blogging engine to run our blogs, we must upgrade our WordPress installation as soon as a new version is released in order to avoid such attacks.

Posted by SELaplana, 13 August 2007 at Security (No. of Views: 16589)

Comments

3 Responses to “United Nation’s Website, Hacked”

  1. Elizar Says:

    Whoever those hackers are, they are good!

    It’s the UN we’re talking about here. I assume they have the tightest security there is… apparently they need to do better.

  2. SELaplana Says:

    That’s really what I was thinking. And it reminds me of my 1999 life…. playing with other websites by hacking them….

  3. Jan from thrusites design Says:

    Hm, I do not think that WP is vulnerable. You can avoid SQL injection when using a few PHP functions properly (and yes, WP does use them).

    Simple htmlspecialchars(), addslashes() - for input, stripslashes() - for output make it very easy.

    BTW, modify your php.ini so it won’t show any error and use @ before every potentially vulnerable function so that the output (returned error or so) won’t be shown on user’s display. This is helpful for mysql_query functions especially.
