Hundreds of Public Sector Web Sites Hacked

January 2004

More than 150 local websites were hacked and defaced in a three-day period over the Jan 16-18 weekend, according to the Malaysian Computer Emergency Response Team (MyCERT).

Of these, more than 120 were government and public sector websites, said Solahuddin Shamsuddin, MyCERT manager.

MyCERT received information that many public sector websites in China, Hong Kong and Taiwan had also been hacked.

The websites -- on the .gov, .net, .com, .edu and .org domains -- were mostly running the Linux operating system, which is considered far more secure than the popular Microsoft Window operating system.

About 98% of the compromised websites were running Linux; the rest were hosted on Windows 2000 machines, said Solahuddin.

The hackers mainly took advantage of existing vulnerabilities present in the operating systems, and unpatched services, he added.

Solahuddin said this did not indicate a new trend in hacking Linux boxes, but was simply a case of hackers targeting machines connected to the Internet at random.

Linux machines that were vulnerable were mainly running older versions of Apache servers, PHP scripts and OpenSSL.

The Windows 2000 machines had Microsoft IIS extended Unicode directory traversal, Microsoft FrontPage Extension and WEBDAV vulnerabilities.

Source...

 

With Dionach you get:

• An efficient, friendly and flexible service
• To talk directly to the experts
• Straightforward assessment reports that get to the point
• Complete confidentiality and utmost discretion