En Wed, Jul 25, 2001 at 09:14:02PM -0700, Percy escribio:
#_ I think this is the URL...
#_
#_ http://www.inq7.net/inf/2001/jul/25/inf_1-1.htm
I hope PLUGERS don't mind but here is a plain text version of the story. I
suggest MIRDC get Mandrake 8.0 + updates + Bastille and they read the
firewall HOWTO. They can use one of their "Pentium classics" for this.
Blaming it on the budget is b**ls**t!
this story was printed from www.inq7.net
URL: http://www.inq7.net/inf/2001/jul/25/text/inf_1-1-p.htm
[header_infotech.gif]
Govt site, e-mail server
breached; budget blamed
Posted:8:39 PM (Manila Time) | July 24, 2001
By Erwin Oliva
INQ7.net
DUE to the lack of a budget to secure their computer systems, two
government agencies became victims of separate hack attacks. The website
of the Metal Industry Research and Development Center (MIRDC) of the
Department of Science and Technology (DOST) and the e-mail system of the
Philippine Health Insurance Corp. (PhilHealth) were recently breached as
local hackers found security holes in their systems.
In an interview Tuesday, Leah Padiernos, network programmer of the MIRDC,
confirmed that MIRDCs website was hacked. Interestingly, she admitted
that the attack was somehow expected because the agencys website was
exposed to potential hacks. "We dont have any firewalls," Padiernos
said, adding that the website was defaced during the first or second week
of July. Because of budgetary constraints, she said that the MIRDC had to
make do with a three-year-old "Pentium classic" to run its website. "We
had been asking the department for a budget to buy firewalls. But its
budget had to be realigned to more important things," Padiernos added.
Incidentally, the MIRDC is being eyed as the pilot e-commerce project of
the DOST. The agency has been asking at least 9 million pesos to finance
this ambitious project.
The MIRDC website is currently being hosted by PHNet, the Internet
foundation funded by the DOST.
Meanwhile, the other hack attack involved PhilHealths e-mail system.
According to reports, it was breached on June 11, 2001. At the time this
article was written, the e-mail systems index displayed the defacement
perpetrated by an unknown hacker.
In a telephone interview, Leonardo Gabriel, head of PhilHealths database
division, was even surprised that INQ7.net learned of the attack. "We
were aware of the attack on the website but not on our e-mail system. We
didnt know until you told us about it," Gabriel said. PhilHealth had
just installed its firewall last week, and is now testing it, according
to Gabriel. The attack happened before the government agency was able to
install firewalls into its system. PhilHealths e-mail server is
currently housed at the agencys office in Pasig City.
Gabriel pointed out that the agency had been planning to buy firewalls,
but due to budgetary constraints and the delay in acquiring these
solutions, it was only recently that they were able to test the
firewalls.
"It is possible that the hacker might have read e-mail (messages)
contained in that e-mail server," Gabriel said. He, however, could not
peg how much damage the hacker has caused.
"We still have to investigate," he added. Earlier, the agencys website
was defaced allegedly by someone studying at Emilio Aguinaldo College.
�2001 www.inq7.net all rights reserved
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ o-oh, I think I'm in trouble.
--
Juan Miguel Cacho [EMAIL PROTECTED]
Philippines
...the poor count their blessings, the affluent count their calories.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
