Launched Wednesday 2nd July, 2003, by the Minister for Communications, Marine and Natural Resources, Dermot Ahern TD, NetSecure.ie is the Irish Government’s official website for its National Awareness campaign on Computer Security.
‘Here you will find some useful tips on how to make your computer a safer place, both in the workplace and at home,’ assured Ahern. ‘By taking on board some simple precautions, we all can enjoy the undoubted benefits of technology and the World Wide Web.’
How ironic, then, that just hours after the launch visitors to the site would were being greeted by spurious content. It seems that the Irish Government’s new computer security information service was anything but secure itself.
Eoghan O’Neill, editor and webmaster of Irish music website, CLUAS.com, quickly discovered the hole in NetSecure.ie’s security, enabling him to add additional content to the site. This was done by constructing a customised URL which pointed to the web server. The ‘customised URL’ made the NetSecure.ie server create a new page upon which O’Neill had full control over what content would appear.
In a totally unrelated incident some months back, most likely perpetrated by an experienced and malicious hacker, a similar technique was used to add pornographic content to the Irish Gallery of Photography website, irish-photography.com. An angry mother rang the gallery to complain about the salacious content her son had accidentally stumbled across on the site. Gallery personnel were unaware of the presence of explicit content on the site and were shocked at what popped up in front of their eyes when they typed in the specific irish-photography.com URL given to them by the complainant. The problem was quickly addressed and the offending content removed.
Fortunately for the Irish Government, O’Neill merely wished to expose vulnerabilities associated with the site. Rather than post distasteful content, he used the opportunity to draw to the attention of the Department of Communications, Marine and Natural Resources, who manage the site, the hole within the site’s security and how this could be exploited by third parties. He demonstrated this to great effect by setting up a page on the NetSecure.ie web server which displayed a picture of Mickey Mouse together with a message delivered under the headline: ‘Irish Govt. launches insecure website about net security’.
O’Neill then wrote to the Department, alerting it of the website’s security vulnerability. The Department has since resolved the security issue. ‘We have checked it out and the NetSecure site is completely secure,’ said Government spokesman, Richard Moore.
05/07/2003
Subscribers 0
Fans 0
Followers 0
Followers