PA websites hacked because of Joomla 1.5 and WordPress 3.1.3

Communications and Information Minister Yaacob Ibrahim attributed the hacks to a "lapse of maintenance". A blog used the PA site hacks as a case study and highlighted that the sites were running very old versions of popular content management software: Joomla 1.5 and WordPress 3.1.3.

Wrote Knowledge Republic,

"Before I begin, pardon my lousy English; I am not here to teach you English. This page is not to teach you how to hack other websites, but to feed the curiosity of those who wonder why or how the Brazil HackTeam managed to hack a Singapore Statutory Body site, when the impression Singapore gives is of such a high-tech country that security should be pretty high, given the number of years IDA has spent cultivating security talent by subsidising course fees.

These are the sites that were hacked by HighTech Brazil HackTeam:
www.pa.gov.sg
southwestcdc.org.sg
yep.nyc.sg
servicelearning.nyc.sg
water-venture.org.sg
cdc.org.sg
app.yep.nyc.sg
ycm.nyc.sg
shine.nyc.sg
nycxtreme.nyc.sg
mesra.org.sg
northwestcdc.org.sg
northeastcdc.org.sg
southeastcdc.org.sg
ycmc.nyc.sg
nyf.nyc.sg"


How old were these versions?

Joomla 1.5 was released in January 2008; Joomla is now at 2.5, with Joomla 3.0 available for early adopters.

WordPress 3.1.3 was released in May 2011, and WordPress is now on version 3.5.

What was more surprising is that the blog highlighted that the hackers used the same Joomla 1.5 vulnerability that was used to hack the NParks website in June 2011.

Knowledge Republic also noted that Joomla 1.5 was only supported until 01 Dec 2012.

As such, why didn't the IT team for the PA sites take action immediately when the NParks website was hacked? Why did it take so long for the IT team to look at updating the CMS versions?
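One defensive check that follows from this, as an added example that is not from the post or from Knowledge Republic: a small inventory script that reads the version files Joomla and WordPress ship and flags installs that are end-of-life or behind the current branch. The webroot paths and file contents are constructed stand-ins (the file locations are the real ones); the support dates and current branches are those stated in the post.

```python
"""Flag out-of-support Joomla and WordPress installs from the version files each
CMS ships. Added example; paths are real, contents and layout are constructed."""
import re
from datetime import date

# Joomla 1.5 keeps $RELEASE/$DEV_LEVEL in libraries/joomla/version.php and
# WordPress keeps $wp_version in wp-includes/version.php (constructed copies).
WEBROOTS = {
    "/var/www/pa.example/libraries/joomla/version.php":
        "<?php\nclass JVersion {\n\tvar $RELEASE = '1.5';\n\tvar $DEV_LEVEL = '26';\n}\n",
    "/var/www/blog.example/wp-includes/version.php":
        "<?php\n$wp_version = '3.1.3';\n",
}

# Support facts as stated in the post: Joomla 1.5 supported until 1 Dec 2012;
# Joomla 2.5 and WordPress 3.5 were the current branches at the time.
JOOMLA_EOL = {"1.5": date(2012, 12, 1)}
CURRENT_BRANCH = {"joomla": "2.5", "wordpress": "3.5"}


def parse_version(path, source):
    """Return (cms, version) for a recognised version file, else None."""
    if path.endswith("libraries/joomla/version.php"):
        rel = re.search(r"\$RELEASE\s*=\s*'([\d.]+)'", source)
        dev = re.search(r"\$DEV_LEVEL\s*=\s*'(\d+)'", source)
        if rel and dev:
            return "joomla", f"{rel.group(1)}.{dev.group(1)}"
    elif path.endswith("wp-includes/version.php"):
        m = re.search(r"\$wp_version\s*=\s*'([\d.]+)'", source)
        if m:
            return "wordpress", m.group(1)
    return None


def audit(files, today=None):
    """Return (path, cms, version, status) for each install found in files."""
    today = today or date.today()
    findings = []
    for path, source in files.items():
        if (parsed := parse_version(path, source)) is None:
            continue
        cms, version = parsed
        branch = ".".join(version.split(".")[:2])
        eol = JOOMLA_EOL.get(branch) if cms == "joomla" else None
        if eol is not None and today >= eol:
            status = f"END-OF-LIFE since {eol.isoformat()}"
        elif branch != CURRENT_BRANCH[cms]:
            status = f"behind current branch {CURRENT_BRANCH[cms]}"
        else:
            status = "current"
        findings.append((path, cms, version, status))
    return findings
```

Run `audit(WEBROOTS)` over a real webroot listing (path to file contents) to get one finding per install; anything marked END-OF-LIFE receives no security fixes at all.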

Comments

Ric said…
J! 1.5 is widely recognized as insecure even within Joomla! circles. There has been an explosion in the number of exploits for it in the last 6 months.

I think, for owners, one of the big issues with J! 1.5 sites is the cost of migrating to 2.5. There's no easy upgrade path, it's essentially a rebuild.

But, since 1.5 is no longer maintained and it is the subject of numerous well-known exploits, the owners need to suck it up and upgrade.

best,
ric
