Website for computer security experts hacked

First Forensic Forum - a UK based association of computer security professionals - has been hacked. F3.org's website was defaced (screen shot here) with a message poking fun at the association of computer forensic experts. The timing of the defacement on Thursday was fortuitous (or well planned) since the organisation is coming …

COMMENTS

This topic is closed for new posts.
Paris Hilton

Honeypots are great, aren't they?

Secure your Web site; then deliberately open a single page to certain exploits, and wait to see which flies blunder into your Web...

Defacing a security firm's site is about as smart as vandalizing a panda car in the local cop shop's garage. Too bad we'll never be told the juicy details of what happens to the rather stupid vandal who did this.

In other news, DARPA is consulting with Paris Hilton to learn what technology she uses to make her panties disappear...

0
0
Thumb Down

Frontpage?

Hacked, and a page created in Frontpage put up instead.

For shame.

0
0
Thumb Down

shows the state of the average security consultant's diligence post install

going by the fact that 90% of my work is cleaning up after a so-called {and billed} security expert's supposed work

i would guess that the people running the site were employing those of the same calibre

or more likely hosting with a company that ill-secures its servers

the fixed by frontpage page kinda reinforces that for me. a security expert that can't knock up some html unaided {or at least clean the frontpage crap out after} is hardly much use at spotting a subtly hacked site {malicious code insertion} for their clients

let alone securing or auditing the system/network it runs on

0
0

honeypot my as*!

well and truly pwned

0
0
Dead Vulture

That's no honeypot!

A real honeypot would hide the actual site, so that only the defacer would see the defacement. If this was at least a halfway-decent org, the hard drive would have been pulled for forensics already, with a restored site up already.

It might be as smart as vandalizing a panda car, but if days pass and the panda car's not only still gang-tagged, but being driven about like such, what does it say about the cops?

0
0
Heart

Women from Venus

The statement by the hacker reminds me of comments structure by the "amanfromMars", in other words WTF is he on about...

0
0

Hacker intelligence in general

I've not tried my hands at this hacking malarky, but it occurs to me that it can't be that difficult, judging by the horrific language skills possessed by the perps.

Either that or defacements are performed solely by foreigners.

0
0

Storm in a teacup

Infantile scriptkiddies noisily defacing unimportant sites are not a worry - nothing to see here, please move along.

Criminals from eastern Europe or the far east infiltrating (or convincingly spoofing) Amazon or PayPal then siphoning my bank account *are* a worry. Those baddies aren't 15-year-old Chinese or Californians and they don't gob off with graffiti.

Incidentally, Morley, I don't think it was a honeypot situation. And I doubt if Hilton's ever worn knickers - a bit of a downer for avid sniffers.

0
0
Coat

Interesting site

Their non-defaced home page reads:

"Logging-in hightens your site priviliges significantly."

No doubt it does.

0
0

Title

Looks to me like the F3 website uses Xoops opensource content management system, which is understandable for non-profit organisations since these CMS provide great functionality for free.

However one of the drawbacks of opensource systems like this are script injection vulnerabilities etc that are posted on underground websites and then used by low-level hackers (the infamous "script kiddies") who are often just trying to boost their ratings on a hacker website like www.zone-h.org. Interesting that that site is built with Joomla!!

I had an e107 site hacked in this way last year, "elhackerone" even kindly renamed the index page "indexold" before replacing it :-) I sent him an email and he told me which exploit he'd used so I could patch it. Took all of 30 seconds to sort it out.

So it wasn't really the admins' or hosts' fault, unless the Xoops version was very old - it is more accurately the price you pay for using "free" software...

0
0
Stop

Security not the same thing as forensics ...

These guys are specialists at dealing with the unpleasantnesses of locking up pedophiles, not securing web servers.

We should be feeling sorry for people who, whilst making the web a nicer place for the population as a whole, get harassed by some script-kiddie who can't construct a decent sentence.

However, as some of the members of F3 include pretty much every UK police force, he better have made sure that he/she cleaned up after him/herself pretty well!

0
0