United Nations vs SQL Injections

Giorgio Maone writes "The United Nations web site has been defaced by 3 crackers who replaced the speeches of the Secretary-General Ban Ki-Moon with their own pacifist message. This article briefly analyzes the exploited vulnerability and the technology used on the server, both quite surprising to find in such a high profile site."

Is it really a big surprise?

[background image]

This article briefly analyzes the exploited vulnerability and the technology used on the server, both quite surprising to find in such a high profile site.

Maybe it's not such a surprise, considering that

• they've used MS Word to make their 'down for maintenance' page
• the code (not including the image) for that one sentence page is > 11k...

Re:What a lie

[sholden]

Or the standard page when the web monkey flips the "maintenance mode" switch...

Plus I'm sure they scheduled the downtime (for right now) after they noticed the crack.

Re:Surprising?

[LurkerXXX]

Did you not read the article at all? This had nothing to do with patching the system. It had to do with them hiring someone who never bothered to learn about SQL and security. It had nothing to do with the tools/system used. It had to do with incompetence of the person hired to set it up.

SQL Injection and Blind SQL Injection Info

[mrkitty]

http://www.cgisecurity.com/questions/sql.shtml [cgisecurity.com]
http://www.cgisecurity.com/questions/blindsql.shtm l [cgisecurity.com]

Many other papers on the subject
http://www.cgisecurity.com/development/sql.shtml [cgisecurity.com]

Re:Is it really a big surprise?

[SplatMan_DK]

weicco, I think his point is that an IT organization that uses 11 Kb of rubbish-style HTML code generated in MS Word to write "Down for scheduled maintenance" on a web page is likely to treat their server security issues with the same "professionalism". :-)

- Jesper

And Jews violated more laws under the Nazis, too

[Anonymous Coward]

Since when was a UN resolution worth more than the paper it was written on?

And let me guess. You supported a coalition of over 30 countries banding together and overthrowing a corrupt despot who not just violated but utterly ignored almost 20 UN resolutions over a period of a decade or so.

Riiiight. Suuure you did.

So, the UN is only important to you when it comes to supporting the genocide of Israel?

Ignorant jackass.

Re:Surprising?

[LurkerXXX]

I've seen exactly the same in many many companies where I've been called in to clean up the mess. Hiring of incompetent staff is by no means limited to government.

Re:And Jews violated more laws under the Nazis, to

[Dunbal]

Since when was a UN resolution worth more than the paper it was written on?

      Since no one (cough America) listens to the UN anymore. This is hardly the UN's fault. Just like the league of nations, it has no power to enforce its mandates. Blame the countries that refused to empower the UN.

Our agreements? The struggling Parliament of Man

[Etherwalk]

As a nation, the US has made numerous commitments to the UN, and that includes agreements to follow things like the Universal Declaration of Human Rights. When we *agree* to follow International Law, we ought to, don't you think? Especially when we're heavily involved in creating that law in the first place?

The fact is that the UN, while it does have a lot of problems, is also far more effective and dare-I-say-it even important than most people in the US ever give it credit for. It's far from a perfect system, but it's still the best we have. We're one of the rich kids on the playground, and one of the strong kids on the playground, and we don't always enjoy what the student government wants to do--so we turn away from it sometimes. But that doesn't mean that it isn't important, or helpful, or that it doesn't, sometimes, do what's right. And that doesn't mean we shouldn't work with it, sometimes, and give it more credit for what it does and tries to do.

Instead, we tend to discount it. Because sometimes we don't like what it says about us or others in the playground, and because it's politically convenient (and salable) for our leaders to emphasize our strength and autonomy, all of our accomplishments and our not-inconsiderable military and economic muscle, and all of our pride. Some degree of Nationalism isn't a terrible thing, and we do have a lot to be proud of--but we also still have a lot to do, and to accomplish, as a nation and as members of larger world, and pretending the other children on the playground are irrelevant doesn't help us to do those things.

Also, don't you want the Universal Declaration of Human Rights to apply to US Citizens in a US Court or on the streets? The Bill of Rights is getting stretched more thinly every day, and the anti-terrorist effort (though directed in part by well-meaning people) is cutting swaths in our Constitution.

--Me

The subtlest change in New York is something that people don't speak much about but that is in everyone's mind. The city, for the first time in its history, is destructible. A single flight of planes no bigger than a wedge of geese can quickly end this island fantasy, burn the towers, crumble the bridges, turn the underground passages into lethal chambers, cremate the millions. The intimation of mortality is part of New York now: in the sound of jets overhead, in the black headlines of the latest edition.

All dwellers in cities must live with the stubborn fact of annihilation; in New York the fact is somewhat more concentrated because of the concentration of the city itself, and because, of all targets, New York has a certain clear priority. In the mind of whatever perverted dreamer who might loose the lightning, New York must hold a steady, irresistible charm.

It used to be that the Statue of Liberty was the signpost that proclaimed New York and translated it for all the world. Today Liberty shares the role with Death. Along the East River, from the razed slaughterhouses of Turtle Bay, as though in a race with the spectral flight of planes, men are carving out the permanent headquarters of the United Nations -- the greatest housing project of them all. In its stride, New York takes on one more interior city, to shelter, this time, all governments, and to clear the slum called war. ...

This race -- this race between the destroying planes and the struggling Parliament of Man -- it sticks in all our heads. The city at last perfectly illustrates both the universal dilemma and the general solution, this riddle in steel and stone is at once the perfect target and the perfect demonstration of nonviolence, of racial brotherhood, this lofty target scraping the skies and meeting the destroying planes halfway, home of all people and all nations, capital of everything, housing the deliberations by which the planes are to be stayed and their errand forestalled.

-- E.B. White, from "Here Is New York," 1948

Re:What?

[Anonymous Coward]

From the article:

If only prepared SQL statements were used properly, this embarrassing incident would have been easily prevented.
And yes, prepared statements are available even in the very obsolete ASP "Classic" + ADODB Microsoft setup they're using. (screenshot)

The UN was ineffective because it relied on Microsoft. Microsoft, btw, is a US company.

Re:Hackers vs The General Assembly

[Anonymous Coward]

Shame on you, let me explain why: INFO: As a matter of fact Israel is the only real democracy of the area and is sorrounded by enemy nations for religious matters. The last one is Lebanon (a muppet-state with apparently no powers on its own territory). In lebanon there is a "official" army hitting Palestians refugees and another Islamic army (Hezbolla) which is financed by other nations and likes to advocate the death of israelis and send casual ballistic missiles on "enemy" cities. Palestinians like to detonate on public transport, discos and markets, of course even they have a array of missiles. They are thorn between islamic extremism and extreme terrorism. Iranians one day and the next one are treatening the distruction of Israel. They had a workshop on the allerged Sionist control of the world and are opening working on a Atomic Bomb design with the blessing of the idiotic pacifists of half the world. In this context there you go blaming them for disrespecting all those resolutions that basically say "for the sake of peace let the islamics kill you". So i take that applying the same logic no-one can criticise the USA preventive war on terror which basically is "for the sake of peace we kill them first". Also people tend to forget that with Congo and Sudan it is clear that the ONU it's not doing its job. For your consideration: http://www.youtube.com/watch?v=uhWgZu6tcZU [youtube.com]

Re:What?

[Atlantis-Rising]

The exact quote you presented supports the opposite view- it was a failure of administration, not a failure of technology.

Re:Hardly a surprise

[rtaylor]

And finally the good ol' fact that the people who work there are usually not the creme of the crop, the best of the best and the spearhead of excellence, or they'd be in free enterprise making more money.

You often get what you pay for. The population demands low paid government workers then wonders why they get low quality government work completed.

Re:Hackers vs The General Assembly

[Hitto]

I'll bite, anon.
You may have noticed that in all of Israel's neighbors, you would be hard-pressed to find ONE secular state, or even a functioning democracy.
Whereas in Israel, fundamentalist nutjobs do get fined or jailed whenever they stir up trouble. They don't get to evade the law when they excise their daughters, slay victims of rape in "honor killings", lapidate adulterers, etc, etc, etc.

Re:Hackers vs The General Assembly

[Anonymous Coward]

I do not deny that the jews was in that area of land before Islam even existed.

But if the jewish people have the god given right to take the land now owned by someone else because they was there first. A lot of people will have to move out of there own country.

The 3 main ones off the top of my head -

America - native Americans
England - celts
Australia - aborigines.

why ain't we giving them back the land? 2 of the 3 mentioned was within the last 300 to 100 years and even in the last century.

To say they have the right to destroy the government that was in place is insane. They should of done what _any_ civilized society would of done with the situation, immigrated and merged with the current society that was in place.

Re:Our agreements? The struggling Parliament of Ma

[MvD_Moscow]

You really need to lay off the theory and try living in the real world.

Now let's pretend for a minute that 'positive liberty' is all BS. Let's pretend that the libertarian ideology on liberty is the most moral one. Let's say UN implements your Libertarian Declaration of Human Rights.

Now how will that be a step in the right direction for the freedom and safety of mankind (pretty big words for statement devoid of any arguments)? Do realize that no one will even care about this document, let alone even paying lip service to it's requirements. The vast majority of the earth couldn't give a flying fuck about your rants on positive and negative liberty. Fuck, most of them are so poor that they can't really have a debate on this issue.

Try explaining the dangers of positive liberty to an illiterate African kid. Try telling him that the government should not be building school or hospitals because that means richer people will have to pay more taxes and it increases government involvement in the individual's life. Most people don't care about your Ivory tower rants. People want education and healthcare. People don't want to see their kids dying from something stupid like malaria. People want at least baseline prosperity.

Don't get me wrong, I am not really arguing against libertarian ideology. I am just pointing out that libertarian views on positive liberty issues is a extreme view than is not shared by the majority of the population of our planet. And it doesn't matter whether they are right or wrong.

Okay, forget positive liberty issues. Let's look at social liberalism, you would think there would be more consensus on this one, right? So how are you planning to force all nations on the planet to ratify a document that would essentially legalize the vast majority of illegal drugs (if not all, I guess it depends how hardcore you are about such things, I don't know, I don't really see the point in recreational use of heroin)? Hell, we have troubles legally enforcing the current declaration because many muslim nations like making exceptions (I am beating your wife is right, no? What kind of barbarian would want to ban something like that?), I am not even talking about practical implementation of the current declaration.

The UN isn't about world peace and prosperity and promoting rights. It's about comprising and trying to find a mutually acceptable solution while at the same time trying to advance freedom/prosperity.

I don't even know why I wrote this. You're just a naive little American, with no understanding of the world around him. Your one size fits all attitude is just laughable. It's because of people like you that I don't like libertarians. Libertarians are kind of like communists in a way, flip side of the same coin.

Re:Our agreements? The struggling Parliament of Ma

[MrSteveSD]

It's far from a perfect system, but it's still the best we have.

The UN is really a complete affront to democracy. It's effectively a five country dictatorship. You have 5 countries which can veto the will of all the world's countries and they can never be removed from their position on the Security Council. They can also veto the appointment of a UN Secretary General, even if the rest of the world wants that person for the role. It's amazing really that the media do not direct their attention at the UN's completely undemocratic structure rather than just its operational failures (which often stem from that structure).

I mean, what's more outrageous. That some UN officials have been corrupt in the past or that the organisation is itself a dictatorship?

Re:And Jews violated more laws under the Nazis, to

[Planesdragon]

Seriously, is it possible any more to even pretend that the UN is anything but a forum for tinpot dictators and other nameless losers to bitch, complain, and blame the west for all of Earth's problems?

That's, ah, er, the point of the United Nations. Avoid World War III by making a place where every nation can come and bitch to the rest of the world.

All the rest of it is just gravy.