
Website:
University Teknikal Malaysia Melaka.
URL: http://www.utem.edu.my/proxytest.pac
Ever since the introduction of the new namespace character for PHP a few months back (which, in my limited programming experience, is anti-programming and counter-intuitive), I've made a conscious decision to dump PHP and focus on Python*. The various inconsistencies in PHP, whether in its design, its architecture, or even its philosophy, have contributed a lot of bad code, and one prime example is in the screenshot above.
Here's the truth: writing secure code is hard. Here's a complementary fact: writing secure code is expensive. PHP has made writing code faster and cheaper, and unfortunately, less secure. New iterations of PHP, instead of focusing on security, aim to make writing code more confusing, especially for beginners. Just take the namespace character - more bad code to come. Interestingly, Microsoft .NET (starting with version 2) does the opposite - it attempts to make writing code easier and more secure without trying to impose secure coding practices on the programmer.
However, the fault does not lie with PHP alone. There are a few things that can be done to prevent hacks like the one above.
1. Secure the PHP installation - apply the Suhosin patch, set the open_basedir restriction, and so on
2. Secure the web server - run the web server inside a jail (or chroot), install mod_security
3. Practice secure coding
Items 1 and 2 are cheap. You can push them at your system administrators as many times as you like. Item 3, no matter how much you invest in it (training, verbal abuse, top money for experienced programmers, etc.), does not guarantee that your website will not get hacked.
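Item 1 in concrete terms, as an added example that is not from the original post: a php.ini fragment showing the loose settings an out-of-the-box installation of that era commonly shipped with, beside a hardened set for a single site. The site and temp paths are assumptions; the Suhosin patch is a separate install and is not covered by these stock directives.

```ini
; --- Loose settings (constructed example of what to look for) ---
; No filesystem fence: a script can read or write anywhere the web user can
;open_basedir =
; Remote file inclusion possible through include($_GET['page']) style code
;allow_url_fopen = On
;allow_url_include = On
; Request variables become globals (deprecated in 5.3, removed in 5.4)
;register_globals = On
; Error messages leak file paths and query text to visitors
;display_errors = On
;expose_php = On

; --- Hardened settings for one site (paths are assumptions) ---
; Confine file access to the document root and a private temp dir
; (colon-separated list; the restriction also applies to upload_tmp_dir)
open_basedir = /var/www/example-site:/var/www/example-tmp
upload_tmp_dir = /var/www/example-tmp
; Keep the session directory inside open_basedir or session writes will fail
session.save_path = /var/www/example-tmp/sessions
; Block remote includes; leave allow_url_fopen off unless the app needs it
allow_url_fopen = Off
allow_url_include = Off
register_globals = Off
; Keep error detail out of HTTP responses, but log it for the administrators
display_errors = Off
log_errors = On
error_log = /var/www/example-tmp/php_errors.log
expose_php = Off
; Disable process-spawning functions a typical web application never calls
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
; Session cookie not readable from client-side script
session.cookie_httponly = 1
```

After editing, restart the web server and confirm the values with `php -i` (or a phpinfo() page kept off the public tree), since a per-directory override in the web server config can silently undo them.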
* I am not claiming Python is more secure, but I believe a cleaner and clearer code construct will contribute, or at least make writing secure code easier.
DISCLAIMER: All the information related to computer crimes (i.e. defacements) contained in security.org.my was either collected online from public sources or directly notified to us. Security.org.my is neither responsible for the reported computer crimes nor is it directly or indirectly involved in them.