Royal Navy Website Hacked
On Softpedia we read that:
A hacker claims to have gained full access to the website of the British Royal Navy and the underlying database through an SQL injection attack.
The public disclosure was made by a Romanian self-confessed security enthusiast who uses the online handle of “TinKode.”
TinKode writes that he did this on the 5th and has blogged about it here.
The hacker even decrypted the hashed password for the user called “admin” and posted it in plain text. Suffice to say that it’s ridiculously simple and in no way appropriate for a military website.
EyeNote: the password was “password1”. Twats.
The site is for PR and recruiting purposes only and is probably civvie-maintained, so all this has really achieved is the turning over of a public service information site with non-critical data in the name of notoriety. After all, TinKode has a history of going for non-critical low-security sites with a military profile.
But, non-critical regardless, it does make the MoD look even more like a bunch of morons than usual. Someone should get a roasting for this one.
You mean they actually HAD a password? – Most people seem surprised that I have password protected my PCs and my phone…..
0 likes
Well the tabloids have a nasty habit of, for example, hacking the unsecured voicemails of celebrities and influential go-getters, so as a natural target you’re very sensible to take precautions!
0 likes
“celebrities and influential go-getters” – What me??? You’re ‘avin a larfff….
0 likes
“admin”
“password1”
Who wants to bet that “lessons will be learned” from this?
0 likes
Ah yes, the harmless phrase meaning that a stern finger-wagging was given.
If I’d done this as a db admin I’d expect (and deserve) to be muttering as I emptied my locker for the last time by now.
0 likes
They will be different to the sort of lessons wot i larnt at skool back in the dim distant past!
It won’t involve a detention, or a whack from teacher’s slipper, either…
0 likes
From a Telegraph blog on the subject:
Incensed: Why is our armed service(s) advertising itself … can’t they get on with defending the bloody realm.
antoncheckout: @incensed: They need to reach out inclusively to worldwide stakeholders of all ethnic origins and orientations employing an accountable nexus of best practice parameters and transparent performance target indicators – as any fule kno. 🙂
Yesterday 08:42 PM Recommended by 7 people
0 likes
ps lessons being learned
0 likes
They should consider themselves lucky that they are able to post that message, and not find visitors being redirected to a p0rn site….
0 likes