Auda Hacked...

[Drop.com.au]

It would appear someone has hacked the auDa homepage...

Andrew

 

[Blue Wren]

oops

Some nice Tuesday morning work for someone to clean up that mess and establish how it was done.

 

[Mick]

Not a good look for them really...

 

[Blue Wren]

They've cleaned the main part of the issue but the nav bar still says something similar to TWATTER

Image of defaced site here.

 

[Mick]

If this had happened to a registrar shit would hit the fan... but I doubt we'll hear anything from auDA as to how it happened or what they're doing to prevent it, considering they're still using PHP 4.

 

[DavidL]

If this had happened to a registrar shit would hit the fan... but I doubt we'll hear anything from auDA as to how it happened or what they're doing to prevent it, considering they're still using PHP 4.

I think they must give a full and frank account of what happened.

After all they spent god knows how many hundreds of thousands (of registrants' money) in court to take down Bottle Domains after their security breach.

But then again, as we all know auDA answer to no one...

Wonder whether the hackers got every .au registrants details? auDA member details too?

What is PHP4? Very old?

 

[neddy]

I think they must give a full and frank account of what happened.

Absolutely agree David. A full explanation is required.

It's the AGM in Sydney next Monday (which I'm going to), so if no one else asks the question, I certainly will.

 

[findtim]

what do people get out of doing stuff like that? its like graffiti people , they need to spend their time getting some reason for living .

its been mentioned before in another thread that every site should be SSL , but would that have helped ?

tim

 

[atom]

It depends on how the site was compromised Tim. Quite possibly not.

 

[Mick]

What is PHP4? Very old?

It was last updated in 2008, so it's old.

 

[DavidL]

I
What is PHP4? Very old?

I just Googled it and found this from http://en.wikipedia.org/wiki/PHP

On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released.[6] As of August 2008 this branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates be released

12 year old software....

Membership applications only by fax or mail....

 

[findtim]

Membership applications only by fax or mail....

i had to blow the dust off my shelved fax and plug it in yesterday so i could complete a deal , they wanted my signature on their form which i had to print !!!!! then fax !!!

tim

 

[aus11]

i had to blow the dust off my shelved fax and plug it in yesterday so i could complete a deal , they wanted my signature on their form which i had to print !!!!! then fax !!!

tim

Needed to send a form to the Tax Office the other day and they were the same. Fax or Mail - no email. I don't understand why email isn't good enough but fax is...

 

[Cooper Mills DomainLawyer]

fortunately for auDA they are in the process of building a new website. These are the risks of being online, its happened to our website in the past. Nothing is 100% secure online

 

[payattention]

Not as big a deal as some are making out. The website was defaced. Some of you then suggest registrant details have been stolen. I'd expect to read such suggestions in the smh.com.au tech section, not on here.

Defacements are an every day thing, that's all this is. No big deal.

 

[DavidL]

Not as big a deal as some are making out. The website was defaced. Some of you then suggest registrant details have been stolen. I'd expect to read such suggestions in the smh.com.au tech section, not on here.

Defacements are an every day thing, that's all this is. No big deal.

Oh OK. I'm not technical at all so assumed that if the visual controls of the site had been compromised, the databases it reads from might have been too.

My mistake if there's aren't connected...

 

[neddy]

Just read this on ZDNet:

PayPal, Symantec hacked as Anonymous begins November 5 hacking spree

The press arm for Anonymous has announced that it has begun its hacking spree for the 5th of November - Guy Fawkes Day.

Claims are circulating that hackers - some affilaited with Anonymous, and some not - have dumped user and employee account information on accounts from PayPal, Symantec, the defacement of Saturday Night Live's website, Australian government websites and much more.

 

[StuartB]

Did anyone get a screen dump of the AUDA hack?

 

[johno69]

Did anyone get a screen dump of the AUDA hack?

Yes they did..

Image of defaced site here.

 

[neddy]

Pizza Hut got "dominoed" as well.

On Tuesday night, hackers defaced the Australian website of Pizza Hut and made off with customers' personal data, including names, email addresses and other contact information.

http://arstechnica.com/security/201...t-customers-served-a-deep-dish-of-info-leaks/