
PA websites hacked because of Joomla 1.5 and WordPress 3.1.3

Communications and Information Minister Yaacob Ibrahim attributed the hacks to a "lapse of maintenance". A blog used the PA site hacks as a case study and highlighted that the sites were running very old versions of two popular content management systems: Joomla 1.5 and WordPress 3.1.3.

Wrote Knowledge Republic,


"Before I begin, pardon my lousy English; I am not here to teach you English. This page is not to teach you how to hack other websites, but to feed the curiosity of those who wonder why or how the Brazil HackTeam managed to hack a Singapore statutory body site, when the impression that Singapore gives is of such a high-tech country that security should be pretty high, due to the number of years that IDA spent on cultivating security talent by subsidizing course fees.

These are the sites that are being hacked by HighTech Brazil HackTeam:
www.pa.gov.sg
southwestcdc.org.sg
yep.nyc.sg
servicelearning.nyc.sg
water-venture.org.sg
cdc.org.sg
app.yep.nyc.sg
ycm.nyc.sg
shine.nyc.sg
nycxtreme.nyc.sg
mesra.org.sg
northwestcdc.org.sg
northeastcdc.org.sg
southeastcdc.org.sg
ycmc.nyc.sg
nyf.nyc.sg"


How old were these versions?

Joomla 1.5 was released in January 2008, and we are now already at Joomla 2.5, with Joomla 3.0 available for early adopters.

WordPress 3.1.3 was released in May 2011, and WordPress is now on version 3.5.

What was rather surprising was the blog's point that the hackers used the same Joomla 1.5 vulnerability that caused the NParks website to be hacked in June 2011.

Knowledge Republic also shared that Joomla 1.5 was only to be supported until 01 Dec 2012.

As such, why didn't the IT team for the PA sites immediately take action when the NParks website was hacked? Why did it take so long for the IT team to look at updating the CMS versions?


Comments

Ric said…
J! 1.5 is widely recognized as unsecure even within Joomla! circles. There has been an explosion in the number of exploits for it in the last 6 months.

I think, for owners, one of the big issues with J! 1.5 sites is the cost of migrating to 2.5. There's no easy upgrade path, it's essentially a rebuild.

But, since 1.5 is no longer maintained and it is the subject of numerous well-known exploits, the owners need to suck it up and upgrade.

best,
ric
