we all know that websites get hacked. this has become a fact of life for
most of us. even the biggest and baddest internet firms accept this fact
and brace themselves for an eventual attack.
--rant alert--
this inquirer article struck me not because another government site has
been hacked but because of a statement made.
read the article for yourself. but, i do not like the sound of
MIRDC's website was hacked ... had to make do with a three-year-old
"Pentium classic" to run its website ...
point one: pentium classic is muscle enough to host a website that does
not even have the traffic volume
point two: in the ateneo (and i bet some of you too), run 486s as webservers
and routers. that would make a pentium classic a really powerful box
point three: do not blame budget. in anything, the fact of life is that
there is always not enough money. ergo... make do with you have.
i would even like to think that the great minds of PLUG will find more
points to add. what is the cause of this type of thinking? was the
case of MIRDC a case of security neglect? you be the judge.
--end of rant--
--------------------------------------
William Emmanuel S. Yu
Ateneo Cervini-Eliazo Networks (ACENT)
email : [EMAIL PROTECTED]
web : http://cersa.admu.edu.ph/
phone : 63(2)4266001-5925/5904
In Pocataligo, Georgia, it is a violation for a woman over 200 pounds
and attired in shorts to pilot or ride in an airplane.
<HTML>
<HEAD>
<TITLE>Gov�t site, e-mail server ... - July 24, 2001</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF text=#000000 link=#000000 vlink=#0033CC>
<table>
<tr>
<td>
<OAS URL=www.inq7.net/infotech/print@Top!Top>
<script language="JavaScript">
<!--
_version=10;
//-->
</script>
<script language="JavaScript1.1">
<!--
_version=11;
if (navigator.userAgent.indexOf('Mozilla/3') != -1) {
_version=10;}
// -->
</script>
<script language="JavaScript">
<!--
var server = 'amethyst.inq7.net';
var sitepage = "www.inq7.net/infotech/print";
var position ="Top!Top";
if (! (RN)) {
var RN = new String (Math.random());
var RNS = RN.substring (2, 11);
}
var oas='http://' + server + '/RealMedia/ads/';
var oaspage= sitepage + '/1' + RNS + '@' + position;
if (_version < 11) {
document.write ('<A HREF="' + oas + 'click_nx.ads/'+ oaspage + '"
TARGET="_top" ><IMG SRC="' + oas + 'adstream_nx.ads/' + oaspage + '" BORDER="0"
ALT="click ! "></a>');
} else {
document.write ('<SCRIPT LANGUAGE="JavaScript1.1" SRC="' + oas +
'adstream_jx.ads/' + oaspage + '">');
document.write ('\<\!-- --\>');
document.write ('\<\/SCRIPT\>');
document.write ('\<\!-- --\>');
}
// -->
</script>
</OAS>
</td>
</tr>
</table>
<font face="verdana, arial, helvetica," size=1>
this story was printed from
<a href="http://www.inq7.net";>www.inq7.net</a><br><br>
URL:
<a href="http://www.inq7.net/inf/2001/jul/25/text/inf_1-1-p.htm";>
http://www.inq7.net/inf/2001/jul/25/text/inf_1-1-p.htm
</a><br><br>
</font>
<img src="http://www.inq7.net/img/header_infotech.gif";><br><br>
<font color=#000000 face="Arial, Helvetica, sans-serif" size=3>
<b>
Gov�t site, e-mail server <br> breached; budget blamed
</b>
</font><br>
<font color=#666666 face="Verdana, Arial, Helvetica, sans-serif" size=1>
Posted:8:39 PM (Manila Time) | July 24, 2001
<br>
<font color=#000000>
By <a href="mailto:[EMAIL PROTECTED]";>Erwin Oliva</a><br>INQ7.net
<br><br>
</font> </font>
<font face="Times New Roman, Times, serif" size=3>
<p>DUE to the lack of a budget to secure their computer systems, two government
agencies became victims of separate hack attacks.
<br>
<br>The website of the Metal
Industry Research and Development Center (MIRDC) of the Department of Science and
Technology (DOST) and the e-mail system of the Philippine Health Insurance Corp.
(PhilHealth) were recently breached as local hackers found security holes in their
systems.
<br>
<br>In an interview Tuesday, Leah Padiernos, network programmer of the
MIRDC, confirmed that <a href="http://www.mirdc.dost.gov.ph";>MIRDC�s website</a> was
hacked. Interestingly, she admitted that the attack was somehow expected because the
agency�s website was exposed to potential hacks.
<br>
<br>"We don�t have any
firewalls," Padiernos said, adding that the website was defaced during the first or
second week of July. Because of budgetary constraints, she said that the MIRDC had to
make do with a three-year-old "Pentium classic" to run its website.
<br>
<br>"We had
been asking the department for a budget to buy firewalls. But its budget had to be
realigned to more important things," Padiernos added.
<br>
<br>Incidentally, the MIRDC
is being eyed as the pilot e-commerce project of the DOST. The agency has been asking
at least 9 million pesos to finance this ambitious project.
<br>
<br>The MIRDC website
is currently being hosted by PHNet, the Internet foundation funded by the DOST.
<br>
<br>Meanwhile, the other hack attack involved PhilHealth�s e-mail system. According to
reports, it was breached on June 11, 2001. At the time this article was written, the
e-mail system�s index displayed the defacement perpetrated by an unknown hacker.
<br>
<br>In a telephone interview, Leonardo Gabriel, head of PhilHealth�s database
division, was even surprised that INQ7.net learned of the attack.
<br>
<br>"We were
aware of the attack on the website but not on our e-mail system. We didn�t know until
you told us about it," Gabriel said.
<br>
<br>PhilHealth had just installed its
firewall last week, and is now testing it, according to Gabriel. The attack happened
before the government agency was able to install firewalls into its system.
<br>
<br>PhilHealth�s e-mail server is currently housed at the agency�s office in Pasig
City.
<br>
<br>Gabriel pointed out that the agency had been planning to buy
firewalls, but due to budgetary constraints and the delay in acquiring these
solutions, it was only recently that they were able to test the firewalls.
<br>
<br>"It is possible that the hacker might have read e-mail (messages) contained in
that e-mail server," Gabriel said. He, however, could not peg how much damage the
hacker has caused.
<br>
<br>"We still have to investigate," he added.
<br>
<br>Earlier, the agency�s website was defaced allegedly by someone studying at Emilio
Aguinaldo College.
<b><i></i></b>
</font>
<br><font face="verdana, arial, helvetica" size=1>©2001 www.inq7.net all rights
reserved</font>
</BODY>
</HTML>
PGP signature
![http://www.inq7.net/img/header_infotech.gif"](http://www.inq7.net/img/header_infotech.gif"){kind=link}