Tuesday 16 November 2010

Hacked websites

I have often heard of various websites being hacked, but I have never accidentally stumbled across one. Today, however, whilst looking for a campsite in Stanedge, I went to the Carriage House Inn website (http://www.carriage-house.co.uk/). Their site has been hacked and the front page replaced by a pride screen.

This appears to have been done by a group based at king-hack.com who, I guess, are Saudi-based. Quite why a small pub in the middle of the Pennines caught their ire, I do not know. Perhaps it was just easy game.

Strangely, the website of the White House Inn on Blackstone Edge also appears to have been hacked, not necessarily by the same group.

This sort of thing always makes me slightly nervous about my own website. Web security is difficult at the best of times, and there are many attack vectors that the unscrupulous can use. Writing secure software is exceptionally difficult, especially when using legacy languages such as C that were designed to produce efficient, rather than secure, code. Then you have the problems in  correctly configuring server software, ensuring that software is up to date, and the inevitable human factors play a large part.

At uni a lecturer, seeing that I was already a competent coder (I had worked as a freelance programmer for several years), tasked me to write a simple worm that would spread around the network of computers in the room. This proved to be exceptionally easy using assembler and well-known bugs in the Novell software. Within half an hour, the other computers in the lab all displays my 'Hello World!" message. It was harmless, and I was careful to place limits on what the worm would do.

That was the last time I ever attempted to do anything like that. It just does not interest me, and there is little you can do that will be meaningful and not cause harm. I understand the excitement of hacking, but wish that they would put their energies into more constructive pursuits.

No comments: