-
-
-
Could be an inside job, or security details passed on, if any techies have recently been laid off.Work in the public sector? Read the IR35 FAQ hereComment
-
Nah, just crap / non-existant security.Originally posted by OwlHoot View Post
Never attribute to Malice that which can be explain by stupidity.
"Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
-
Thats an extreemly big If.Originally posted by Zippy View Post
The impressive thing about these guys is not so much what they have done, most of it is down to lapses / incompetence on the part of the site owners in not fixing known vulnerabilities, it's the fact that they havn't been caught.
So far they have managed to evade the security services and law enforment agencies of at least 2 countries for several months, and maintain a high public profile while doing it. That's the impressive bit."Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
-
Grauniad: How the hack was done
Oops #1
Oops # 2However as far back as 2009 a weakness was found in the "Contact us" form of the Sun's site that meant that it could be used to attack the database holding emails for the system.
NI should really have taken "new-times.co.uk" offline once they were done with it.The server hosted the outdated "new-times.co.uk" site put up when the Times was building its paywall.Last edited by Sysman; 19 July 2011, 10:45.Behold the warranty -- the bold print giveth and the fine print taketh away.Comment
-
How was the hack achieved ? It was not a straight forward file system hack because the home page would show for about 5 seconds before a redirect happened. Was it a XSS attack ?Vote Corbyn ! Save this country !Comment
-
Nope, from the Grauniad article there were fundamental flaws in the new-times.co.uk website that allowed them to carry out an SQL injection and File Inclusion attack that gave them control of the server and from there into the CMS used to maintain the Sun website. From there it was trivial to add a redirect on the home page. The delay was probably just down to server lag due to the volume of traffic hitting it once the hack went public.Originally posted by fullyautomatix View Post
Trivial stuff in terms of complexity of the hack and entirly due to stupidity/negligence on behalf of NI techies."Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
-
If they treated the techies like the journalists then it wasn't stupidity/negligence.Originally posted by DaveB View Post
"You’re just a bad memory who doesn’t know when to go away" JRComment
-
If it was such a complete control of the server/CMS/file system whatever, why didnt they just modify the home page of "Sun" and put the story up there ? Why a redirect? and why not a server side redirect rather than a client redirect ?Originally posted by DaveB View PostVote Corbyn ! Save this country !Comment
Comment