Reported To CERT-IN, CERT. Hacked Site: Directorate of Technical Education, Mumbai, India
by Siddharth Bhattacharya, System Administrator at IISc on Jan 10, 2010
Reported to CERT-IN.ORG.IN, CERT.ORG
The chat page is the most vulnerable part of their website
The page content can be changed to show objectionable content/Virtual Defacing
Some Porn Image/Video/IFRAME content can be easily inserted on the site.
Thereby wreaking havoc on chat part of Website.
Using say …
Infinite Looped Auto Refresh on Chat Page can be introduced.
Multiple Popup Windows increasing traffic on Web server and slowing it down if possible.
Sophisticated (wanted) criminals with computer forensic knowledge can pass encrypted messages through the chat section to communicate with each other in coded language, without letting anyone know their location/coordinates, even if their email IDs are under the scanner of Interpol/CBI/NIA/CID etc.
Web Client (visitor’s) identity is also at stake.
Visitors' browsers can be redirected to install spyware-based plugins/installers from a hacker's rogue site in order to display forged web content that was artificially embedded into the chat section.
e.g. Flash Player (approx. 1.5 MB from the original site) / Java Plugin (approx. 15 MB standard from the original site)
These visitors could end up with machines acting as key-logging/screenshot-capturing zombies, with rootkits ready to be remotely monitored/synchronized and remotely controlled.
Possibilities of Phishing Attack.
Possibilities of Cross Site Scripting, gathering intelligence about Cookie values etc. XSS cannot be ruled out.
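One way to neutralize the content injection listed above, as an added example that is not part of the original report or the site's code: every chat message is entity-encoded on output, and the kinds of markup it tried to introduce (IFRAME, auto-refresh, script, plugin, image/video) are recorded for review. The function name, category labels and sample messages are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Tags that carry the content classes named in the report (labels are assumptions).
ACTIVE_TAGS = {"iframe": "iframe", "script": "script", "embed": "plugin",
               "object": "plugin", "img": "image", "video": "video"}


class _ActiveContentFinder(HTMLParser):
    """Collects the kinds of active content a chat message tries to introduce."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        attrs = {name: (value or "") for name, value in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.add(ACTIVE_TAGS[tag])
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.findings.add("auto-refresh")
        if any(name.startswith("on") for name in attrs):
            self.findings.add("event-handler")
        if any(v.strip().lower().startswith("javascript:") for v in attrs.values()):
            self.findings.add("script")


def inspect_message(raw):
    """Return (safe_html, findings) for one chat message.

    safe_html is always entity-encoded, so the browser displays the text
    instead of parsing it. Encoding is the control; findings are only for
    logging and moderation and must not be used as a filter.
    """
    finder = _ActiveContentFinder()
    finder.feed(raw)
    finder.close()
    return html.escape(raw, quote=True), sorted(finder.findings)


# Constructed sample messages; example.invalid is a reserved, non-resolving name.
SAMPLES = [
    "hello, when are results out?",
    '<iframe src="https://example.invalid/x"></iframe>',
    '<META HTTP-EQUIV="Refresh" CONTENT="0">',
    '<script>window.open("https://example.invalid/")</script>',
]

if __name__ == "__main__":
    for message in SAMPLES:
        print(inspect_message(message))
```
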
Severity and Impairment of Operations: Could be High
If conditions are created that push the load-balanced DTE servers past the Load Test + Stress Test thresholds they were engineered to serve,
the result could be a failure to serve thousands of Indian Nationals/Citizens/Kids in India and Abroad.
Imagine such a situation, when students all over India are coming in to check exam results etc ...
(Important Critical Moments)
Height of irresponsibility & Stupidity
Plz Respond & Act
Indians cannot Accept their Technical Education (If it really stands for it) to be such a soft target.