[ insider_reports_insider ]
U.N. Lets Site Stay Vulnerable For Two Years (And Counting)
Doug Caverly
Staff Writer
2009-08-14
 Insider Reports RSS Feed
Regardless of his (or her) politics, the average security professional should probably have a pretty low opinion of the United Nations. There's word that a vulnerability hackers exploited about two years ago remains unfixed on the U.N.'s site.
 | | U.N. Lets Site Stay Vulnerable For Two Years (And Counting) |  |
Yes, the entity that is to some degree in charge of international law and humanitarian affairs has let a problem that's already troubled it once go unaddressed for a little over 730 days. We can wait to continue while you stockpile food, water, and weapons, if you like.
Now, for some details. In August of 2007, the U.N.'s site was hacked via an SQL injection bug, and statements issued by U.N. Secretary-General Ban Ki-moon were replaced by messages protesting the actions of the U.S. and Israel in the Middle East.
This week, Robert Graham took a look at the U.N.'s site and noticed, "[T]hey STILL haven't fixed the SQL injection vulnerability that led to their defacement. Hackers can still deface their website at will."
He then continued, "There are a couple lessons here. The first is that no matter how simple the fix, organizations like the UN cannot do it. Despite the fact a high-school intern can fix the bug in 5-minutes, the bureaucracy means that the organization must spend tens of thousands of dollars . . . . The other lesson is that the cost of NOT fixing the bug is low. The UN can simply live with the problem, and clean up after every hack."
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
