Slashdot Mirror

← Back to Stories (view on slashdot.org)

That North Korean Facebook Clone Has Already Been Hacked (vice.com)

Posted by EditorDavid on from the suggested-posts dept.

Remember yesterday's story about an off-the-shelf Facebook clone in North Korea? Within a few hours that site was hacked by an 18-year-old college student in Scotland. An anonymous reader writes: Using the default credentials, Andrew McKean posted "Uh, I didn't create this site just found the login" in the site's box for Sponsored links. "McKean was able to become an admin for the site just by clicking on the 'Admin' link at the bottom of the site and guessing the username and password," writes Motherboard, which adds that the password was "password". McKean says the breach "was easy enough," and granted him the ability to "delete and suspend users, change the site's name, censor certain words and manage the eventual ads, and see everyone's emails."
The teenager said he had "no plans" for the compromised site -- except possibly redirecting it to an anti-North Korean page.

4 of 84 comments (clear)

  1. Next man up by Anonymous Coward · · Score: 2, Interesting

    The poor shlub who administers that site has probably already been executed.

  2. Crime by Anonymous Coward · · Score: 2, Interesting

    I hope he is prosecuted to the full extent of the law both UK and NK, any propaganda induced biased against NK is not reason enough to commit a crime.

  3. In what language is "password" a secure password? by raymorris · · Score: 1, Interesting

    He got in because the password was left as "password". In what programming language is "password" a secure password?

    Having said that, ten years or fifteen ago PHP had serious security issues, given that it is designed to be used on web, where the application will be attacked daily. It was literally impossible to write a secure program in PHP; literally "hello world" had a security vulnerability. Much has changed. PHP was originally a CMS, written in Perl with a bit of C. It's now an actual programming language, one used by clueless little companies like Facebook. Seriously, it has improved a lot. The world's largest web sites wouldn't be running on PHP if it were junk.

    Having said THAT, it's still an "easy" language to start learning. You can start writing little PHP scripts without being trained and educated as a programmer. If you do that in any language and put your scripts on the web, you'll get hacked. While PHP as a language is pretty decent now, PHP "scripters" who don't know any programming language other than PHP are still mostly people who don't know much. But the same is true of .Net or many other languages. If you learned a bit of a language but never learned programming and especially security issues of web programming, you probably shouldn't expose your software to internet hackers.

  4. Re:The new generation by techno-vampire · · Score: 4, Interesting

    I think that if I managed to hijack a site in North Korea, I'd simply redirect it to a tourism site in South Korea to let the North Koreans get a look at how the other half lives.

    --
    Good, inexpensive web hosting