Hacktivist vuln still plagues UN.org

The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages. According to Errata Security CEO Rob Graham, the same SQL injection flaw that plagued the site in August of 2007 remains unfixed now. It's …

This topic is closed for new posts.

Posted Friday 14th August 2009 21:02 GMT

Carter Cole

SQL Injection is easy to fix

this is just dumb i cant believe they leave such stupid venerabilities open i hope this article pushes them to fix the issue for their sake and their users

Posted Saturday 15th August 2009 02:51 GMT

Herby

Just put in a message about global warming

and add that it is all bogus. Do it every day and it might make a point.

Of course you could also add a message that there is $20 if you write to the Secretary General and include coupon code #64327.

Posted Sunday 16th August 2009 15:02 GMT

Anonymous Coward

The UN to a tee

Big, useless, expensive, can't even sort out it's own shit and yet it wants to make itself even bigger.

Replace with "the government", "Gordon Brown", "Apple" etc as you wish but the UN is the worst of them all when it comes to screwing up and refusing to shoulder the blame.

Posted Monday 17th August 2009 10:28 GMT

Anonymous Coward

Wow

Jesus Christ... I could do this hack when I was 14 years old (white hat of course: I learned after 5 minutes of googling how to secure my site against it preemptively). Ridiculous.

Posted Monday 17th August 2009 14:35 GMT

Jason Croghan