Comments on: United Nations, I Hate to Say I Told You So http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/ Giorgio Maone's answers to the Web, the Universe, and Everything Sun, 06 Jul 2008 19:55:22 +0000 http://wordpress.org/?v=2.2.3 By: hackademix.net » PayPal XSSed, Redmondmag.com SQL Injected http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7960 hackademix.net » PayPal XSSed, Redmondmag.com SQL Injected Sat, 17 May 2008 14:03:34 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7960 [...] the party of the ASP/MS SQL Server sites SQL Injected to serve JavaScript malware. Considering the wide coverage this epidemics enjoyed in the past week, I wonder what a “Certified Professional” [...] […] the party of the ASP/MS SQL Server sites SQL Injected to serve JavaScript malware. Considering the wide coverage this epidemics enjoyed in the past week, I wonder what a “Certified Professional” […]

]]> By: Giorgio http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7919 Giorgio Tue, 13 May 2008 22:15:18 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7919 @<b>NH</b>: <a href="http://hackademix.net/2008/04/15/cia-operation-ponies/" rel="nofollow">OMG Commies!</a> <a href="http://www.darknet.org.uk/2007/08/the-homeland-security-department-suffered-more-than-800-successful-hack-attacks/" target="_blank" rel="nofollow external" rel="nofollow">Department of Hacked Security</a> at rescue... @NH:
OMG Commies!
Department of Hacked Security at rescue…

]]> By: NH http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7918 NH Tue, 13 May 2008 19:39:49 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7918 Um and your point is? If any site should be hacked it's the UN. They are the enemies of the USA. Why would you want to help our mortal enemies? Third world Marxists and despots, looking to conquer the world. I guess if they can't even run a website, I have hope for our freedom. Um and your point is?

If any site should be hacked it’s the UN. They are the enemies of the USA.

Why would you want to help our mortal enemies?

Third world Marxists and despots, looking to conquer the world.

I guess if they can’t even run a website, I have hope for our freedom.

]]> By: m3rlin23 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7815 m3rlin23 Sat, 03 May 2008 20:42:27 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7815 It is true, the UN have done nothing to secure their database. It took me no more than a few minutes using a simple perl script to enumerate every column of every table of quite a few of their databases. We know the sql username, server type, hostname etc.I am always harassing our web developers at work over sloppy input validation but they design sites for small web startups. This is the UN for Christ's sake! It is true, the UN have done nothing to secure their database. It took me no more than a few minutes using a simple perl script to enumerate every column of every table of quite a few of their databases. We know the sql username, server type, hostname etc.I am always harassing our web developers at work over sloppy input validation but they design sites for small web startups. This is the UN for Christ’s sake!

]]> By: Offbeatmammal http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7759 Offbeatmammal Mon, 28 Apr 2008 01:21:04 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7759 Hey Giorgio - sorry, should have been clearer ... I'd added the "fix" as a comment to my original post (wasn't at home and hate using the web interface to edit posts but pasting into disqus was easy!) our solutions look functionally the same - I suspect yours is more elegant/reliable (it's been a while since I didn't much development in the real world) ironically I first found (and started following) your site a while ago when trying to explain to some folks in a previous job why security actually mattered... this has gone to prove that they should have listened a bit more at the time! Hey Giorgio - sorry, should have been clearer … I’d added the "fix" as a comment to my original post (wasn’t at home and hate using the web interface to edit posts but pasting into disqus was easy!)
our solutions look functionally the same - I suspect yours is more elegant/reliable (it’s been a while since I didn’t much development in the real world)

ironically I first found (and started following) your site a while ago when trying to explain to some folks in a previous job why security actually mattered… this has gone to prove that they should have listened a bit more at the time!

]]> By: Giorgio http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7737 Giorgio Sat, 26 Apr 2008 08:02:33 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7737 @<b>Offbeatmammal</b>: I couldn't actually see any removal instruction in your post (but I may be blind). Anyway I posted some <a href="http://hackademix.net/2008/04/26/mass-attack-faq/#iis" rel="nofollow">disaster recovery advices for affected IIS administrators</a> yesterday. @Offbeatmammal:
I couldn’t actually see any removal instruction in your post (but I may be blind).
Anyway I posted some disaster recovery advices for affected IIS administrators yesterday.

]]> By: Offbeatmammal http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7736 Offbeatmammal Sat, 26 Apr 2008 04:15:46 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7736 at least the current nihaorr1 attack is easy to remove once you know you're infected - http://tinyurl.com/6g2a95 - but in this day and age anyone maintaining a site open to this sort of attack really does need to spend some time and money on a code and security review! at least the current nihaorr1 attack is easy to remove once you know you’re infected - http://tinyurl.com/6g2a95 - but in this day and age anyone maintaining a site open to this sort of attack really does need to spend some time and money on a code and security review!

]]> By: hackademix.net » Mass Attack FAQ http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7730 hackademix.net » Mass Attack FAQ Fri, 25 Apr 2008 22:52:49 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7730 [...] United Nations, I Hate to Say I Told You So 26 04 2008 [...] […] United Nations, I Hate to Say I Told You So 26 04 2008 […]

]]> By: redlab http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7726 redlab Thu, 24 Apr 2008 12:45:58 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7726 It's prolly just all politics. I wouldn't be surprised that they have to fill in a form and twenty copies and send it to each member of the UN for approval before anything can be changed on the site's code. (at least that's what they do in the EU) It’s prolly just all politics. I wouldn’t be surprised that they have to fill in a form and twenty copies and send it to each member of the UN for approval before anything can be changed on the site’s code. (at least that’s what they do in the EU)

]]> By: Giorgio http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7723 Giorgio Thu, 24 Apr 2008 07:50:47 +0000 http://hackademix.net/2008/04/23/united-nations-i-hate-to-say-i-told-you-so/#comment-7723 @<b>me</b>: should we republish those events back? You know that we could ;) @me:
should we republish those events back? You know that we could ;)

]]>