PENGGODAM MENGGODAM WEB PEJABAT PERDANA MENTERI

< Wanted: Blogger Contributer | Internet Outage to Malaysia? >

Thursday, June 5. 2008

(Posted by Mel Mudin)

I got this on my instant messenger early this morning (Dubai time). Anyways - the site is down right now. But you can read all about it here. I was surprised that the attacker only supply a link to a static page instead of using a page that is capable of running Lotus Domino command. I guess he's showing his frustrations regarding the petrol hike.

Ayoi, a blogger contributer to security.org.my questions the ethics of the attacker.

Related: Still Vulnerable?

Posted by Mel Mudin at 15:59 | Comments (17) | Trackbacks (0)

Defined tags for this entry: defacement, malaysia

1766 hits

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

That only CSS maa...

#1 Reminder on 2008-06-05 16:09 (Reply)

tu la... XSS pun dia orang tak boleh nak fix...

#1.1 spoonfork (Homepage) on 2008-06-05 16:19 (Reply)

bole tahan lame jugak la nak tunggu fix

#1.2 sid (Homepage) on 2008-06-05 19:50 (Reply)

XSS ke file inclusion heh

#2 Anonymous on 2008-06-05 19:49 (Reply)

hi anonymous,

it was file inclusion. xss was another one, which i blogged and reported to them, and was never fixed.

#2.1 spoonfork (Homepage) on 2008-06-06 03:10 (Reply)

salam tumpang lalu..

pelik gak mcmane website kjaan buleh kene mcmni.pttnya security levelnya musti la tinggi. bajet juta2 takkan le tak bleh nak kasi up security&fasiliti it sume. hahaha

#3 sh4h (Homepage) on 2008-06-05 21:36 (Reply)

jawapannya sebab porklah bodoh..

#3.1 Anonymous on 2008-06-05 21:41 (Reply)

This was just a 5 minutes job, imagine if they spend another few hours they might be able to take full control of the server but that besides the point, and the intension was to deliver the message and i guess the message was heard (within few hours).

RM2.70 = Second Tsunami

#4 riaf (Homepage) on 2008-06-05 22:32 (Reply)

huh... hot n spicy

#5 toyok on 2008-06-06 00:26 (Reply)

rockstarrrrr nyummy

#6 aphesz on 2008-06-06 03:41 (Reply)

http://www.nst.com.my/Current_News/NST/Friday/Frontpage/2260134/Article/index_html

"A special officer to Datuk Seri Abdullah Ahmad Badawi confirmed the incident and said it was an "unsuccessful hacking attempt".

Special officer my ass.
The intention was not to deface but to the delivery the message and to point out to the lazy admins that the site is vulnerable to remote file inclusion (PoC only). This action was harmless and not against the law at all.

I think next time, let them just tapau the whole thing and see what excuse the "Special Officer" will have to say.

#7 riaf on 2008-06-06 09:11 (Reply)

wtf, may day... may dayy....

#8 toyok on 2008-06-06 09:44 (Reply)

i Was wondering, why i haven't heard of that form file that being use for redirection?

How did the RFI got there in the first place. It's been there for long time? or does it really have vulnerable file?

whatever it is, it sure a simple and very CLear message..
Hacking is nothing thou, simple exploit the media and mislead a video or blog by it's content and post a lot of banner also work to send the message... for example.. namwe case

meta word and misleading add-url for SEO also fill the traffic..

#9 buahZaitun on 2008-06-06 13:47 (Reply)

Fixing?? Admin just closed "the shop", duh. Way to go. Well done.

Laman Web ini ditutup buat sementara waktu kerana kerja-kerja penyelenggaraan.

Pejabat ini memohon maaf di atas segala kesulitan yang dihadapi.

This site is currently under maintenance. Sorry for the inconvenience.

#10 chfl4gs_ (Homepage) on 2008-06-06 14:17 (Reply)

admin x g keja kot..ambik cuti beratur isi minyak semalam..

#11 xr4ngk4x on 2008-06-06 16:49 (Reply)

itu lah si Pak Loh ni bodo sangat... apesal dia upah budak2 wannabe programmer p buat website dia... dah tu pakai joomla lagi.. hampeh...

#12 Mahathir M on 2008-06-06 18:43 (Reply)

Joomla? torak hang... bodo ka pa...

)

#12.1 Joomlatorakhang on 2008-06-25 11:05 (Reply)

Add Comment

Before you post a comment, please take note of the following guidelines:

Commenting is provided as a courtesy only.
Please be brief and relevant to the post.
Please be polite even in disagreement with us or others.
Support claims you wish to make using sources and links.
No personal attacks, name calling, or commercial commenting.
Anyone creating false or multiple identities will be banned.
If you don't have a cogent argument, you will be censored.
If you are purposefully deceptive, you will be censored.
No spamming or flooding.

We appreciate your time and effort in contributing to security.org.my
Comment policy copied and modified from Spin Hunters.

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images.
	Remember Information? Subscribe to this entry

DISCLAIMER

All data and information provided on this site is for informational purposes and on an *as-is* basis.

This weblog does not represent the thoughts, intentions, plans or strategies of our employers. It is solely our opinion and views as security professionals.

Feel free to challenge us, disagree with us, or even tell us that we are a complete mindless and brainless monkeys in the comment section of the blog entry.

Report Defacements of Malaysian Website

Report web defacements so that we all can keep track of them! Information here. You can view the reported defacements here.

PENGGODAM MENGGODAM WEB PEJABAT PERDANA MENTERI

Computer and Network Security, Mamak Style

Thursday, June 5. 2008

PENGGODAM MENGGODAM WEB PEJABAT PERDANA MENTERI

DISCLAIMER

Report Defacements of Malaysian Website

Tags

Recent Entries

Archives

Syndicate This Blog

Creative Commons