Fwd: A message wrote by a hacker in the Ministry of Foreign affair site

Bikal KC bikal at ubuntu.org.np
Sun Jun 22 17:24:24 BST 2008 

Hi suraj,

suraj wrote:
> ---------- Forwarded message ----------
> From: rajan kharel <najar_85 at hotmail.com>
> Date: Sun, Jun 22, 2008 at 12:10 AM
> Subject: A message wrote by a hacker in the Ministry of Foreign affair site
> To: ioebe2061 at googlegroups.com
> 
> 
> 
> 
> "First of all thanks for deleting the notice I posted yesterday on the front
> page.I hope you might have tried to find where the mistake was and how i
> entered the site and put that message on the front page.Of course you made
> some changes too.But Is that enough?? I am not a hacker and don't have any
> motive to harm the site. Being a nepali it was my duty to inform you guys
> about the dangers.So I wrote an email to admin but there were no changes on
> the site even after a month. so I had to put that message on the front page.
> Please look for all the possible holes and try to avoid my messages ont he
> front page. REMEMBER DELETING THE POST IS NOT ENOUGH You may mail me if you
> find any dificulty. I will be available for help whenever you ask.
> I AM NOT INTERESTED IN DELETING OR ALTERING ANY DOCUMENT IN THE SITE"
> 
> 
> plz click here for details: http://mofa.gov.np/# moreover this site is
> developed by yomari.
> Be ware of hacker........hehe

Yeah. It's kind of shame/sad that website of such importance do not protect themselves well enough 
with today's standard procedures. AFAIK, it boils down to these -
- What is the budget of Nepalese govt. to spend on Information Technology?
- What is the manpower? enough?
- How enthusiastic are the system admin about the system they help run 24/7/365? Or, rather what's 
the "paranoid level" of the sysadmins? :-)
- How are secure programming principles/practicality being enforced/used on/by the programmers?
- Are deployed systems being patched/updated regularly?
- Are deployed systems being protected properly using hardware/software firewall, antivirus, IPS/IDS?
- Are staffs being educated about the environment they work in? (social engineering attacks)

These are some of the basic questions that rings my mind and without these basic enforcers, any 
system on the internet is vulnerable.

cheers

More information about the Ubuntu-np mailing list