Slashdot Mirror


United Nations vs SQL Injections

Giorgio Maone writes "The United Nations web site has been defaced by 3 crackers who replaced the speeches of the Secretary-General Ban Ki-Moon with their own pacifist message. This article briefly analyzes the exploited vulnerability and the technology used on the server, both quite surprising to find in such a high profile site."

8 of 144 comments

  1. Re:Nonono! by Edzor · · Score: 2, Informative

    You do realise that the UN website is up? The submitter has just used their default "yeah the website is borked" page http://www.un.org/sg/?

  2. Re:Surprising? by drspliff · · Score: 4, Informative

    This is pretty much standard for a lot of government organisations, or at least I've seen it many times myself.

    I don't know how to explain it, but a lot of the people I've seen create websites for government or local authority branches are business types lacking on the technical side. Basically the person who the project manager likes most, regardless of reviewing their technical ability on previous sites other than quickly browsing through one or two and going "ohh, that's nice isn't it!".

    On one occasion I've seen a company win the contract simply because the paper they sent to the project manager sparkled slightly in the light and was followed up by a long phone call. Their websites were utter trash, but they were very good at making money.

    I suspect the same happened here :)

  3. Re:Nonono! by rvw · · Score: 2, Informative

    This one is up: www.un.org!

  4. Still vulnerable by Ysangkok · · Score: 2, Informative

    Still vulnerable: SQL error

  5. Re:The hole is still open, though... by Jugalator · · Score: 2, Informative

    Interesting... And if you're a confused moderator, note that the ending apostrophe is to be part of the URL, but wasn't here due to Slashdot's auto-link generation.

    You'll get

    ADODB.Recordset.1 error '80004005'

    SQLState: 37000
    Native Error Code: 8180
    SQLState: 37000
    Native Error Code: 105
    [MERANT][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ''.
    [MERANT][ODBC SQL Server Driver][SQL Server]Statement(s) could not be prepared. /apps/news/infocus/sgspeeches/statments_full.asp, line 26

    --
    Beware: In C++, your friends can see your privates!
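
The error quoted in comment 5 is the kind a database returns when a request value is pasted into the SQL text, so a stray apostrophe reaches the parser. The following is an added example, not part of the thread or of the site's code: Python's `sqlite3` stands in for the ASP/ADODB/SQL Server stack, and the table, column and function names are hypothetical. It runs the same input through a concatenated query, a bound-parameter query, and a handler that validates the input and keeps driver text out of the response.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE speeches (id TEXT PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO speeches VALUES ('1', 'Constructed sample speech')")
    return db

def lookup_concatenated(db, stat_id):
    """Fragile pattern: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM speeches WHERE id = '" + stat_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, stat_id):
    """The value is bound as data and is never parsed as SQL."""
    return db.execute(
        "SELECT title FROM speeches WHERE id = ?", (stat_id,)
    ).fetchall()

def probe(db, value):
    """Show how each lookup style reacts to the same input."""
    try:
        concat = ("ok", lookup_concatenated(db, value))
    except sqlite3.Error as exc:
        # This is the text a verbose error page would hand to the visitor.
        concat = ("error", str(exc))
    return concat, lookup_parameterized(db, value)

def safe_handler(db, stat_id):
    """Validate, bind, and answer with a generic message on failure."""
    if not stat_id.isdigit():
        return (400, "Bad request")
    try:
        rows = lookup_parameterized(db, stat_id)
    except sqlite3.Error:
        return (500, "Internal error")  # details belong in server logs only
    return (200, rows[0][0]) if rows else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    print(probe(db, "1'"))         # concatenated form fails to parse
    print(safe_handler(db, "1'"))  # rejected before any SQL runs
```

With the bound parameter, the trailing apostrophe is just a character in a value that matches no row, and the handler never echoes parser output such as a script path or line number.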

  6. Re:Our agreements? The struggling Parliament of Ma by HappyUserPerson · · Score: 0, Informative

    Also, don't you want the Universal Declaration of Human Rights to apply to US Citizens in a US Court or on the streets?

    No way! Our Constitution and Bill of Rights are designed to protect us and our rights! Somehow, I don't think the safety, security, and interests of Americans is high on the priority list of the UN. I would prefer that our courts stick with the Constitution and Bill of Rights that make America's interests top priority.

  7. Re:Our agreements? The struggling Parliament of Ma by Citizen of Earth · · Score: 2, Informative

    is also far more effective and dare-I-say-it even important than most people in the US ever give it credit for

    What are the things that you are claiming that the UN is effective at? As far as I can tell, there are only two things: (1) giving hand-outs to the desperately poor, and (2) keeping tinpot dictators in power. One could argue that these together are self-perpetuating.

  8. Re:Our agreements? The struggling Parliament of Ma by rossz · · Score: 2, Informative

    The fact is that the UN, while it does have a lot of problems, is also far more effective

    I doubt that very much. The UN couldn't pour sand out of a boot even with instructions written on the heel.

    How long has the genocide in Darfur been going on? Last I heard, the UN issued a proclamation that said basically, "stop or we'll say stop again". How about those times the UN security forces allowed militants and war lords to drive right past them and kill the civilians they were supposed to be protecting? How about all those rape and child sex slave cases being hushed up by the UN?

    The only time UN security forces are able to do a damn thing that is useful is when the United States or one of our trusted friends (UK, Canada, Australia, etc) is in charge of it.

    The UN may have been created with noble intent, but it now only serves to keep tin-pot dictators in power. Look who's on the commission for human rights. The worst evil dictator bastards on the planet.

    Look who the UN just put in charge of the commission on sustainability. The representative from Zimbabwe. Zimbabwe! OMFG! They have about 3000% inflation in that country! Once an exporter of food, now suffering mass famine. All because of the policies of the evil dictator Mugabe. But hey, Mugabe's policies just got the rubber stamp from the UN, so it must be desirable.

    Any argument that the UN is useful and/or necessary is both morally and intellectually bankrupt given its past history and current (in)actions.

    --
    -- Will program for bandwidth