[Owasp-delhi] Pakistan Hackers Respond To Indian Hackers
Tarun Dua
tarundua at gmail.com
Sat Dec 4 08:33:49 EST 2010
Your statement makes me worried at multiple levels.
1. Does nobody do website scanning for user input verification before they
make it live? I think apart from the contact form there was hardly any
user-input in the whole website? Close out the user-input related pages and
SQL injection issues go away for a while, the rest of the website can be
back.
2. Why don't they rely on robust open source like WordPress/Drupal for
simple content based sites which anyway don't have any useful information.
At least the patches get released regularly and can be easily applied.
Of course if they contract out theme building the likelihood is the 90's
style themes would have vulnerabilities built into it by newbies who code
it, there are a few things that don't work well with a tendering process and
building web applications is one of them. Otherwise it's monstrosities like
the MCA21 website is what it results in at a huge cost to the taxpayers.
3. What prevents them from putting up a static page that website is being
restored instead of just doing a disappearing act?
4. This is not the first time it has happened to NIC, how many heads have
rolled till now?
5. The below mentioned link makes for a real sad reading, it's not hard for a
big spender like Government to hire a few ex-Google, ex-Yahoo!, ex-Amazon
folks in India these days to fix web security from the ground up.
-Tarun
On Sat, Dec 4, 2010 at 6:41 PM, Soi, Dhruv <dhruv.soi at owasp.org> wrote:
> If you read the article just shared by me, it mentions that CBI website had
> SQL injection on their website so can’t be restored without programming
> changes. I also underwent another article on Indian National Cyber Security
> policy which literally made me go into laughter, it's available here:
> http://www.hackerregiment.com/indias-national-cyber-security-policy-or-corporate-information-security-policy.html
>
>
>
>
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Tarun Dua
> *Sent:* 04 December 2010 18:35
> *To:* amar wakharkar
> *Cc:* owasp-delhi at lists.owasp.org
> *Subject:* Re: [Owasp-delhi] Pakistan Hackers Respond To Indian Hackers
>
>
>
> If NIC was a hosting company they wouldn't be getting any business for
> managed services for their legendary incompetence, do they have an SLA to
> restore stuff in finite time, I mean the napakis hosted their websites in US
> so understandable they were fiddling with ftp to upload stuff from their
> blazing fast cheaper than India DSL lines, but what sort of 'enterprise'
> tape drive backups do these folks at NIC use that they can't restore a
> static website no more than a few megabytes for so long.
>
> Shit happens all the time, it's the MTTR that matters more.
>
> India seems to have its fill of incompetent bureaucrats like the ones at
> CERT-IN ( where some sweater knitting ladies pick up the official phone
> mentioned on their website with responses like CERT-IN woh kya hai type
> answers when you call them up to verify their PGP key fingerprint as
> recommended on their website )
>
> -Tarun
>
> On Sat, Dec 4, 2010 at 4:19 PM, amar wakharkar <amarsuhas at hotmail.com>
> wrote:
>
>
> Hi Jack,
>
> What do you have to say about CBI Website hack?
>
>
>
> ------------------------------
>
>
>
> >> ____________________________________________
> >>
> >> -----owasp-delhi-bounces at lists.owasp.org wrote: -----
> >>
> >> To: "owasp-delhi at lists.owasp.org" <owasp-delhi at lists.owasp.org>
> >> From: Jack H4xor <j4ckh4xor at gmail.com>
> >> Sent by: owasp-delhi-bounces at lists.owasp.org
> >> Date: 11/30/2010 03:13PM
> >> Subject: [Owasp-delhi] Indian Hackers Respond to 26/11 Terrorist Attack
> >>
> >>
> >> 26th November 2010, two years from the dark day for the Indians when
> >> few Islamic terrorists from Pakistan opened fire at few key public
> >> places of Mumbai, killing around 175 people and wounding many.
> >>
> >> A group of young and enthusiastic Indian hackers, tagged as Indian
> >> Cyber Army (ICA) powered by indishell.in, carried a mass defacement
> >> operation against many public and official websites belonging to
> >> Pakistan in order to pay their homage to the martyr of the terrorist
> >> incident. Hacker Regiment sources talked to few hackers belonging to
> >> ICA to understand their modus operandi behind such cyber attacks.
> >> Jackh4x0r and LuCkY told that most of the group members are already
> >> well settled and earning good money out of their professions.
> >> "Monetary benefits is not the motivation for any of the group members
> >> to carry out such cyber attacks, this particular attack was to convey
> >> a message to the Pakistani citizens on opposing the terror route being
> >> followed by their nation to disturb neighbours. And 26/11 was the
> >> ideal time for conveying this message when our brave soldiers laid
> >> their precious life for the country people" said Jackh4x0r.
> >>
> >> Source: http://www.hackerregiment.com/indian-hackers-respond-to-26-11-terrorist-attack.html
> >>
> >>
> >> Peace
> >> Jack
> >> _______________________________________________
> >> Owasp-delhi mailing list
> >> Owasp-delhi at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> >
> >
> > --
> > Regards,
> > Chintan Dave,
> >
> > LinkedIn: http://in.linkedin.com/in/chintandave
> > Blog:http://www.chintandave.com
> >