Global Malaysians Network - problems ahead?
A self styled ethical hacker site found some major problems with the Global Malaysians Network, which allowed hackers to steal members’ personal details at will.
The article sounds a bit confused in writing style, so allow me to copy the whole thing here:
"According to The Hack In The Box site which requires a password, the Global Malaysians Directory Network is an attempt to get Malaysians to network with each other.
So in other words the hack will reveal personal details of countless Malaysians working throughout the world. According to HITB, due to bad programming practices and unchecked variables in the script there are several SQL injection vulnerabilities in the web application that powers the whole thing.
Apparently it was a doddle for an attacker to manipulate the input strings a malicious attacker could potentially compromise the security of the database server and disclose any content within the database including private and sensitive information of the GMN members.
The site contacted the Network and its owner, the rag The Star, on Sunday 12th June 2005 and was ignored. On Tuesday they decided to give them a ring and they got a reply from the Secretariat of the GMN that these things were "being looked into".
The unnamed Secretariat has also decreed that only those who sign in as members will be able to access the Directory. This sign-in will use a secure server with 128-bit SSL encryption."
(By Asia Business Consulting)
The article sounds a bit confused in writing style, so allow me to copy the whole thing here:
"According to The Hack In The Box site which requires a password, the Global Malaysians Directory Network is an attempt to get Malaysians to network with each other.
So in other words the hack will reveal personal details of countless Malaysians working throughout the world. According to HITB, due to bad programming practices and unchecked variables in the script there are several SQL injection vulnerabilities in the web application that powers the whole thing.
Apparently it was a doddle for an attacker to manipulate the input strings a malicious attacker could potentially compromise the security of the database server and disclose any content within the database including private and sensitive information of the GMN members.
The site contacted the Network and its owner, the rag The Star, on Sunday 12th June 2005 and was ignored. On Tuesday they decided to give them a ring and they got a reply from the Secretariat of the GMN that these things were "being looked into".
The unnamed Secretariat has also decreed that only those who sign in as members will be able to access the Directory. This sign-in will use a secure server with 128-bit SSL encryption."
(By Asia Business Consulting)
posted by Andreas @ 6:30 pm
<< Home