Run a free scan to test your PC's performance now.
 

Security of Malaysian Websites

Filed in: Malaysia, Security — June 17th, 2005

advertisement

theStar website and webmail has found several security vulnerabilities by local hackers. What is the problem with local websites?

Thanks to ShaolinTiger, now I know how easy to hack a theStar email accounts. I am quite surprised that their webmail system is so… hackable. You don’t need any skill to hack, just copy & paste then you own the account! :shock:

On the other hand, another website by theStar - Global Malaysians Network also found several security vulnerabilities. Anyway, it has been fixed, according to the announcement.

Global Malaysians Network is a project to link Malaysian globally. The web design has been reviewed by CheeAun.

Thought:
I don’t remember I have been taught about “secure programming” in college. The college course only teach you how to done it, no matter what method or tricks you use. Security? Never mention. As long as it works then ok lah~

Under such education, we produces a bunch of programmers who only make the things works but ignore the security issues behind it.

On the other hand, most companies do not have awareness of security problem. They add locks to their doors, install CCTV but they forgot their websites. As long as the website looks good(read: fancy flash animation), then it’s fine. Security? I doubt they have ever think about it.

Of course, there are good programmers and good companies (who care about website/software security) but that’s minor group.

By the way, I am NOT security expert. Head to HITB for security advices. :)

Note: Hacking is an illegal activity. Please do not try to hack any website/computer.

Bookmark and Share
What are needed to be a Canon photographer wannabe?

Read also:

« Samsung DVD-V4600 DVD / VCR Combo
New Straits Times Quoted My Words »

What do you think? 4 Responses to “Security of Malaysian Websites”

Comments Feed | TrackBack URL
  1. #1
    Lee Wye Jon Says:
    June 17th, 2005 at 2:29 pm

    Hehe… “Secure programming” or to put it better a focus on security or heck even a strong basic in programming principles will NEVER be taught in our local colleges/universities/colleges masquarading as universities because they don’t care about anything other than the student’s money. There’s a reason why they are called degree mills.

  2. #2
    ShaolinTiger Says:
    June 17th, 2005 at 2:38 pm

    Yeah basic principles, zzz

    Buffer overflows? Huh?

    SQL Injection? Huh?

    If it works it’s ok, if it gets owned, who cares?

    The problem is awareness, btw you should have put my name as link or something so peeps can see the article :)

    How I H4×0red The Star :P

  3. #3
    LcF Says:
    June 17th, 2005 at 3:52 pm

    ShaolinTiger: you sure want to let ppl know ur post huh? I purposely do not publish the link in the post to try to save u from trouble. :)

  4. #4
    ahkiong Says:
    June 17th, 2005 at 6:36 pm

    It’s just a exploit code which are injected to the website in order to see the content or server stuff. TheStar is hosted in a linux or either freebsd server. phbBB and *.php?=*.index will be about to inject too =) Nice job Shaolin

Comments are closed. Submit your comment here