February 09, 2012
 UN Website Hacked

A hacker has posted all the web vulnerabilities they could find on the UN website.  All the details are on pastebin (complete with f-bombs):  http://pastebin.com/ZB4eLVeS.  This episode is another reminder that web security is essential:

"It's web security 101," Aaron Titus, Chief Privacy Officer for Identity Finder says. "This breach seems to be a very simple attack. If this breach was real, they could have prevented this very easily and should have prevented it."

Though we have no evidence, it's a safe bet that the UN had IPS, network firewalls and possibly so-called "next gen" firewalls which are virtually useless.  It's amazing that so many security professionals still can't distinguish between application-layer vulnerabilities and perimeter protections.

Note that the hacker used blind SQL injection, something we detailed on February 2nd.

 

