Slashdot Mirror

← Back to Stories (view on slashdot.org)

United Nations vs SQL Injections

Posted by CmdrTaco on from the virtual-security-is-hard-too dept.

Giorgio Maone writes "The United Nations web site has been defaced by 3 crackers who replaced the speeches of the Secretary-General Ban Ki-Moon with their own pacifist message. This article briefly analyzes the exploited vulnerability and the technology used on the server, both quite surprising to find in such a high profile site."

1 of 144 comments (clear)

  1. Re:Surprising? by drspliff · · Score: 4, Informative

    This is pretty much standard for a lot of government organisations, or atleast I've seen it many times myself.

    I don't know how to explain it, but a lot of the people I've seen create websites for government or local authority branches are business types lacking on the technical side. Basically the person who the project manager likes most, regardless of reviewing their technical ability on previous sites other than quickly browsing through one or two and going "ohh, thats nice isnt it!".

    On one occasion I've seen a company win the contract simply because the paper they sent to the project manager sparkled slightly in the light and was followed up by a long phone call. Their websites were utter trash, but they were very good at making money.

    I suspect the same happened here :)