National Broadband Plan (NBP) has been DEFACED
It is a shame for the Ministry of Energy, Water and Communications web team that their newly launched National Broadband Plan website has been defaced (see below) by someone called "AGIL SANDRO" (sounds like a Brazilian hacker). Most of the other pages are still intact, although the design itself is jumbled up by improper handling of frames and graphics (see the mixed-up picture above). On the same site there is a registration page that collects registrations from the broadband citizens of Malaysia, and to date the statistics show registrations from a total of 367 individuals, 26 households and 7 companies. All these registrants (including me) could have their information stolen as a result of Mr Agil's action. Most probably there is a weak link at the server that allowed this hacker to sneak in, although the web server is running Apache on top of a Linux box, said to be more secure than Microsoft IIS.
It could be the result of mistakes by the web team, which did not do thorough testing, not only in security assessment but also in functional testing. Many places throughout the site end up with a 404, including a downloadable PDF document link on the main page. The questionnaire workflow is also half-baked, as a few blank pages were shown during my test to register myself as one of the household accounts.
I sent a notification to the Ministry webmaster today, and hopefully they will reply or fix those issues as soon as possible before many more people are honeycombed. I certainly hope this is one big lesson that teaches them enough to secure any public domain of this nature using the following guidelines:
- Always use an SSL connection with a valid certificate when collecting sensitive information from the public.
- Secure the server by applying up-to-date fixes from the OS provider.
- Test the security of the domain before it goes live, using a sophisticated test plan.
- Do test the web application using alternative browsers like Firefox or Safari. At their level of expertise, staff from the Ministry of Energy, Water and Communications should be aware that Internet Explorer is prone to many security vulnerabilities that have been publicized.
2 comments:
Wow, thanks for pointing that out. We need not less than MYR 3 million to revamp the site. Will open a tender for vendors next week. Feel free to submit your tender.
3 million RM for this kind of crap? I'll do it for half or a quarter of that price. It shows the corruption and abuse of power and cronies of the government run deep.