PDA

View Full Version : Royal Navy Website Hacked, Passwords Release



Johnsie
November 8th, 2010, 05:23 PM
Source: http://freebc.co.uk/index.php?WorldNews=true&readworldnews=true&storyID=128

A Red Hat Linux server which hosted the Royal Navy website has been hacked. The site is currently down because so much information was released and spread across the Internet. The hackers released the contents of some of the database tables and some of the logins.

http://www.royalnavy.mod.uk/


Quite embarassing for the UK military,

fatality_uk
November 8th, 2010, 05:40 PM
This isn't a mission critical or operational web server/system.
This is the MOD Navy "web shop" nothing more.
Had they posted GCHQ logins or access to any SIS site then that would have been a hack.
Slightly embarrassing yes. A security risk, no.

Oxwivi
November 8th, 2010, 07:40 PM
If the website is only that, the thread title is quite misleading. But still, a Linux system was hacked, and a Red Hat at that. This just might be serious for Linux at large.

_outlawed_
November 8th, 2010, 07:45 PM
If the website is only that, the thread title is quite misleading. But still, a Linux system was hacked, and a Red Hat at that. This just might be serious for Linux at large.

Linux isn't 100% against invasion, it just makes it extremely harder for someone to get in.

jennybrew
November 8th, 2010, 10:05 PM
Linux isn't 100% against invasion, it just makes it extremely harder for someone to get in.

Im no expert but I can tell you that where I work two *nix servers have been compromised in the last few months. Neither occasion was disastrous but it is very worrying that someone is finding it quite easy to gatecrash our party
The techies dont say much to the likes of me but they have all put lots of hours in penetration testing recently.
No system is penetration proof me thinks

Dustin2128
November 8th, 2010, 10:41 PM
in my opinion, OpenBSD is what you want to run for security.

koenn
November 8th, 2010, 11:23 PM
it was an sql injection attack,
so the problem was in the design and implementation of the website or the framework it was built on. Maybe blame the webserver or the database too.

What operating system it runs on wouldn't have made a difference.

MasterNetra
November 8th, 2010, 11:24 PM
Correction it was cracked, the individuals were crackers NOT hackers. (Hackers != Crackers) media and people still under the false assumption hackers break into systems... Granted it doesn't help crackers falsely take the title either.

Goldfissh
November 9th, 2010, 12:15 AM
Correction it was cracked, the individuals were crackers NOT hackers. (Hackers != Crackers) media and people still under the false assumption hackers break into systems... Granted it doesn't help crackers falsely take the title either.

This is true, and the god damn media still use incorrect names to refer to the bad guys, giving White Hats a bad name :(

radar920
November 9th, 2010, 12:28 AM
Correction it was cracked, the individuals were crackers NOT hackers. (Hackers != Crackers) media and people still under the false assumption hackers break into systems... Granted it doesn't help crackers falsely take the title either.

crakers = good, i like ritz

Old_Grey_Wolf
November 9th, 2010, 12:39 AM
it was an sql injection attack,
so the problem was in the design and implementation of the website or the framework it was built on. Maybe blame the webserver or the database too.

What operating system it runs on wouldn't have made a difference.

+1

If the database had been properly patched, and the "best practices" followed, it wouldn't have happened. SQL injection has been known about for a long time.

Johnsie
November 9th, 2010, 09:55 AM
Well, this could probably have happened no matter what OS was being used. Chances are the weak link was the code in the website. It's very easy to write something in PHP or whatever that is not secure.

When coding websites it's always important to write it in such a way that sql injections can be limited.


The site is still down a day later. This shows the seriousness of the incident. It makes me wonder how secure the rest of the UK military systems are.

koenn
November 9th, 2010, 10:16 AM
This shows the seriousness of the incident. It makes me wonder how secure the rest of the UK military systems are.

it was just a website, hosted by some hosting provider from Texas. This has no bearing on the security of the actual military systems.
fatality_uk also pointed this out yesterday.

Evil-Ernie
November 9th, 2010, 10:26 AM
Every system can be cracked given enough time and effort, its a shame its a Linux system and when the media get hold of a story facts seem to fly out the window :rolleyes:

Johnsie
November 9th, 2010, 11:17 AM
This has no bearing on the security of the actual military systems.

No, but it does suggest they are contracting bad programmers to do at least one of their main IT projects.

samjh
November 9th, 2010, 01:05 PM
If the website is only that, the thread title is quite misleading. But still, a Linux system was hacked, and a Red Hat at that. This just might be serious for Linux at large.

Not to those who know what they're doing. ANY computer system, Linux or otherwise, is hackable. Also, this was an application-level intrusion, so the operating system had very little to do with it.

Bodsda
November 9th, 2010, 01:35 PM
correction it was cracked, the individuals were crackers not hackers. (hackers != crackers) media and people still under the false assumption hackers break into systems... Granted it doesn't help crackers falsely take the title either.

+1

Oxwivi
November 9th, 2010, 01:44 PM
Not to those who know what they're doing. ANY computer system, Linux or otherwise, is hackable. Also, this was an application-level intrusion, so the operating system had very little to do with it.
I meant the reputation, they specifically mentioned Red Hat. Those who don't know what they're doing, i.e. the general population, they're going to think negatively about Linux.

MisterGaribaldi
November 9th, 2010, 02:49 PM
Maybe they can fix all the spelling mistakes while they're in there. Color instead of colour, and so forth. :P

Oxwivi
November 9th, 2010, 05:05 PM
Maybe they can fix all the spelling mistakes while they're in there. Color instead of colour, and so forth. :P
That, sir, is British English.