Feeds

Hacker sinks Royal Navy website

SQL injection exploited by serial military site 'show-off' hacker

Combat fraud and increase customer satisfaction

The Royal Navy's main website has been taken offline following claims by a Romanian hacker that he broke into the site, swiping the login credentials of administrators in the process.

The hacker, TinKode, posted information on the web to support his claim to have penetrated the site, www.royalnavy.mod.uk.

Royal Navy website is down

The Royal Navy replaced its website with this static image.

TinKode has previous form for breaking into the website of military organisations. He had previously published data on SQL injection vulnerabilities in sites run by the US Army and (separately) information about security holes on Nasa's website, net security firm Sophos notes.

Sophos reckons the attack was motivated out of mischief rather than anything more nefarious or malign, such as an attempt to plant malicious code targeting surfers visiting the site, many of who could be expected to work in the defence industry.

"This hack was more about showing off and embarrassing people," a Sophos spokesman explained. Sophos reckon TinKode broke in using a SQL injection vulnerability on the jackspeak* blog.

The site is primarily designed to publicise the Navy's work and to act as a point of contact for recruitment. It's very unlikely that any confidential much yet secret material was kept on a public facing website.

Nonetheless the attack is hugely embarrassing, not least because it happened less than a month after defending against cyber-attacks was ranked alongside combating international terrorism as the two highest priorities for UK national security at the end of the National Security Strategy review. ®

* Jackspeak is a term for navy slang - eg "It's warmer in here than a jan dockie's starboard oggy pocket" (translation: It's quite warm). Thanks to former Navy officer turned Reg defence correspondent Lewis Page for this insight into navy life.

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.