The Sri Lankan army has said its website was hacked by rebels who posted "horrible and gruesome images." The attack on the www.army.lk site sent army technicians scrambling to remove the content. By Friday afternoon California time, the site appeared to be running normally. The defense ministry blamed the attack on Tamil rebels …
Oh! What a Wonderful War!
Let's hope the "horrible and gruesome images" are quickly replaced with the images of picnics and children playing with puppies usually associate with the ongoing artillery barrages upon concentrations of civilians and land wars in Asia in general.
just take a gander at any packet of cigarettes nowadays. That sets the bar for how low you can go nowadays to promote any message.
People just don't "get" this medium ...
""This new form of information 'terrorism' is a criminal offence that can be subjected to prosecution, according to international legal provisions.""
Differences of political opinion do not automagically equate to "terrorism". In fact, there are no "terrorists". So-called "terrorists" are weapons of mass distraction.
If you don't air-gap national command and control, you'll probably have additional national security issues beyond what comes with the territory.
If propaganda can be spread thru' non-air gapped systems in your territory, you'll probably have problems controlling the proletariat.
"Internet attacks that accompany geopolitical conflicts have been around since at least 2007"
Try 1994 ... When you have a spare minute, look up Serdar Argic ...
Hard on the eyes
Wish I could have seen the site while it was under attack.
Maybe the "hackers" version of the site looked better then the current.
After viewing the site, I wasnted to rip out my eyes.
The dang horizontal scroll was about the width of 10 sites side by side.
Then theres a crap load of empty space at the bottom of the page.
Without understanding this issue..
... how come we always find a bunch of jokers with pretty one sided opinions ?
Ah... it must be me; probably while spending my time between job, technology and really insignificant social life; I missed understanding this issue while my commentard peers were mastering the subtleties of the orient and the multi-decade "war" and issues of the Tamil diaspora. (Apparently nowadays you can do all this over the internet- no need to actually make a field trip).
Paris, coz she could debase a site, if not deface it.
A simple solution I have seen...
-Build the Web Server with the the Home page, sub-pages, and a few other bits on top of NetBSD (smallest footprint / attack surface)
-have all the "Breaking News" / new content stuff on a flash drive and referenced by the page
-write a script that will copy the entire thing to a RAMdrive and search for updated data on the Flash drive every 5 minutes or so
-Remove all users except root / Service account for webserver, set the both passwords to some incomprehensibly long series of digits and numbers (256 character should do it)
-Wrap this up on a Live DVD using a different set of password for each
-Website will run very quickly (being from RAM and all)
-if it gets hacked:
1) swap the DVD with one of a different Password
-Flash drives are cheap, so if a machine gets hacked, just throw out the old drive. Or even use CD-Rs
-Since the machine has no need for a hard disk, there is less chance of hardware going bad
-Possibly have the machine get the RAMdisk image from a server on a private network, possibly scripting it so the Web cluster will refresh every 12 or so hours
-Can be run a system with very low specs (some old SunSparcs will do nicely, can usually get these pretty cheap, fairly small and use very little power, esp. without HDs)
Too many people try to add too much crap to their website which is how it gets hacked, you can run a decent website with this, use a basic SQL DB application if you need to and have the DB files copied to the CD / Flash drive. This solution should allow for almost all Website (This will support most content: JPEG, AniGIFs, CSS, PHP, Some flash)
let me correct that for you:
"Differences of political opinion do not automagically mean you have the right to deface a web site"
Say what you will about the messages of the site in question, and of those defacing it, but it is still a crime. If you want to speak out aganst a group, you don't deface their site, you put up your own. This allows both sides to express their opinion, rather then one just squelshing the views of the other.
I may hate what you have to say, but I will defend to the death your right to say it.
Did I say anywhere that web-site defacement was a good thing?
My point was that calling it terrorism further dilutes the word "terrorist".
There are no terrorists. Terrorism is a weapon of mass distraction.
that's the simplest solution you can come up with?
the vulnerabilities come from poorly written programs/scripts, if those are on your server then it is insecure if they aren't then it is secure (obviously i'm assuming nobody is stupid enough to use "password" as their root password), the only way you can reduce this problem is using the minimal software for the job and making sure to deal with user input correctly in the few scripts you do run
your convoluted method does nothing extra to help protect the server - if your solution to a server being compromised is to reset it back to the same vulnerable state it was in when it was compromised the first time then i really hope i never have to work on any systems you have "secured"
but regarding the article: it's a public army website, it's not like any secure systems were compromised, probably the only people looking at the site would be reporters looking for a bit of information (and potential recruits - but trying not to sound racist in any way, i suspect recruitment online is probably much less common in sri lanka than it is in most western nations)
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Did Apple's iOS make you physically SICK? Try swallowing version 7.1
- Pics Indestructible Death Stars blow up planets using glowing KILL RAY
- Video Snowden: You can't trust SPOOKS with your DATA
- Review Distro diaspora: Four flavours of Ubuntu unpacked