Feeds

Hackers hijack UK.gov wiki

Environment contract party - will it have cake?

Top three mobile application threats

An attempt by a UK cabinet minister to discuss proposed environment policy using a wiki has ended in embarrassment after pranksters made merry at the expense of the Department for Environment Food and Rural Affairs' (Defra).

Tech-savvy environment secretary David Milliband was left with egg on his face after his department's draft "Environment Contract" wiki was edited to include spurious entries poking fun at the initiative.

Hours after publication of the policy, pranksters launched dozens of attacks against the wiki, hosted on Defra's official website. The heading for discussion "Who are the parties to the environmental contract?" became, "Where is the party for the environmental contract? Can I come? Will there be cake? Hooray!"

Responses to the question of "what tools can be used to deliver the environmental contract?" solicited the illuminating answer: "Spade, Organic Yoghurt Stirrer, Old washing up liquid bottle, Sticky Back Plastic."

Hackers suggested the correct tools to "create the right incentive frameworks" included a "Big stick" and an "Owl magnet".

Less light-hearted responses included criticisms of the government's use of taxes for "little tangible improvement" to citizens' quality of life. An image of a Swastika was posted in another attack. Around 170 spurious entries were reportedly made to the site.

As defacement archive Zone-h notes, the misuse of the government wiki was an accident waiting to happen.

"The reason why there were so many intrusions was in the structure of the document's page itself that used an editing technique which is very similar to the one of Wikipedia, that is, all the users with basic skills could get into the page and do whatever they wanted with the content," it reports.

After failing to stem the attacks, government sys admins purged the offending entries and temporarily disabled new entries.

Milliband said the attacks have not put him off the idea of using wikis for future policy consultation exercises.

"I gather that we have demonstrated the extreme openness of the wiki by playing host to some practical jokes plus a swastika. Strange how some people get their kicks. But the experiment will continue," he writes in an entry to his departmental weblog. ®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.