Website for computer security experts hacked

First Forensic Forum - a UK-based association of computer security professionals - has been hacked. Its website was defaced (screen shot here) with a message poking fun at the association of computer forensic experts. The timing of the defacement on Thursday was fortuitous (or well planned) since the organisation is …


  1. Morely Dotes
    Honeypots are great, aren't they?

    Secure your Web site; then deliberately open a single page to certain exploits, and wait to see which flies blunder into your Web...

    Defacing a security firm's site is about as smart as vandalizing a panda car in the local cop shop's garage. Too bad we'll never be told the juicy details of what happens to the rather stupid vandal who did this.

    In other news, DARPA is consulting with Paris Hilton to learn what technology she uses to make her panties disappear...

  2. Andy Mikula
    Hacked, and a page created in Frontpage put up instead.

    For shame.

  3. Alan Doherty
    shows the state of the average security consultant's diligence post install

    going by the fact that 90% of my work is cleaning up after a so-called {and billed} security expert's supposed work

    i would guess that the people running the site were employing those of the same calibre

    or more likely hosting with a company that ill-secures its servers

    the fixed by frontpage page kinda reinforces that for me. a security expert that can't knock up some html unaided {or at least clean the frontpage crap out after} is hardly much use at spotting a subtly hacked site {malicious code insertion} for their clients

    let alone securing or auditing the system/network it runs on

  4. john doe

    honeypot my as*!

    well and truly pwned

  5. Blain Hamon
    That's no honeypot!

    A real honeypot would hide the actual site, so that only the defacer would see the defacement. If this was at least a halfway-decent org, the hard drive would have been pulled for forensics already, with a restored site up already.

    It might be as smart as vandalizing a panda car, but if days pass and the panda car's not only still gang-tagged, but being driven about like such, what does it say about the cops?

  6. Daniel

    The statement by the hacker reminds me of comments structure by the "amanfromMars", in other words WTF is he on about...

  7. Phil

    Hacker intelligence in general

    I've not tried my hands at this hacking malarky, but it occurs to me that it can't be that difficult, judging by the horrific language skills possessed by the perps.

    Either that or defacements are performed solely by foreigners.

  8. Sceptical Bastard

    Storm in a teacup

    Infantile scriptkiddies noisily defacing unimportant sites are not a worry - nothing to see here, please move along.

    Criminals from eastern Europe or the far east infiltrating (or convincingly spoofing) Amazon or PayPal then siphoning my bank account *are* a worry. Those baddies aren't 15-year-old Chinese or Californians and they don't gob off with graffiti.

    Incidentally, Morley, I don't think it was a honeypot situation. And I doubt if Hilton's ever worn knickers - a bit of a downer for avid sniffers.

  9. Andy

    Interesting site

    Their non-defaced home page reads:

    "Logging-in hightens your site priviliges significantly."

    No doubt it does.

  10. Neil Gerstenberg


    Looks to me like the F3 website uses Xoops opensource content management system, which is understandable for non-profit organisations since these CMS provide great functionality for free.

    However one of the drawbacks of opensource systems like this is script injection vulnerabilities etc that are posted on underground websites and then used by low-level hackers (the infamous "script kiddies") who are often just trying to boost their ratings on a hacker website like Interesting that that site is built with Joomla!!

    I had an e107 site hacked in this way last year, "elhackerone" even kindly renamed the index page "indexold" before replacing it :-) I sent him an email and he told me which exploit he'd used so I could patch it. Took all of 30 seconds to sort it out.

    So it wasn't really the admins' or host's fault, unless the Xoops version was very old - it is more accurately the price you pay for using "free" software...

  11. Anonymous Coward

    Security not the same thing as forensics ...

    These guys are specialists at dealing with the unpleasantnesses of locking up pedophiles, not securing web servers.

    We should be feeling sorry for people who whilst making the web a nicer place for the population as a whole get harassed by some script-kiddie who can't construct a decent sentence.

    However, as some of the members of F3 include pretty much every UK police force, he better have made sure that he/she cleaned up after him/herself pretty well!

