Communications and Information Minister Yaacob Ibrahim attributed the hacks to a "lapse of maintenance". A blog used the PA site hacks as a case study and highlighted that the sites were running very old versions of popular content management software: Joomla 1.5 and WordPress 3.1.3.
Wrote Knowledge Republic,
"Before I begin, pardon my lousy English; I am not here to teach you English. This page is not to teach you how to hack other websites, but to feed the curiosity of those who wonder why or how the Brazil HackTeam managed to hack Singapore Statutory Body sites, when the impression that Singapore gives is of such a high-tech country that the security should be pretty high, due to the number of years that IDA has spent on cultivating security talent by subsidizing course fees.
These are the sites that have been hacked by HighTech Brazil HackTeam:
www.pa.gov.sg
southwestcdc.org.sg
yep.nyc.sg
servicelearning.nyc.sg
water-venture.org.sg
cdc.org.sg
app.yep.nyc.sg
ycm.nyc.sg
shine.nyc.sg
nycxtreme.nyc.sg
mesra.org.sg
northwestcdc.org.sg
northeastcdc.org.sg
southeastcdc.org.sg
ycmc.nyc.sg
nyf.nyc.sg"
How old were these versions?
Joomla 1.5 was released in January 2008, and we are now already at Joomla 2.5, with Joomla 3.0 available for early adopters.
WordPress 3.1.3 was released in May 2011, and WordPress is now on version 3.5.
What was rather surprising is that, as the blog highlighted, the hackers used the same Joomla 1.5 vulnerability that caused the NParks website to be hacked in June 2011.
Knowledge Republic also shared that Joomla 1.5 was only to be supported until 01 Dec 2012.
As such, why didn't the IT team for the PA sites immediately take action when the NParks website was hacked? Why did it take so long for the IT team to look at updating the CMS versions?
Comments
I think, for owners, one of the big issues with J! 1.5 sites is the cost of migrating to 2.5. There's no easy upgrade path, it's essentially a rebuild.
But, since 1.5 is no longer maintained and it is the subject of numerous well-known exploits, the owners need to suck it up and upgrade.
best,
ric