Singapore police question student in Lee Kuan Yew death hoax
– 1 hour 43 minutes ago
ricky l • Remove
Look like this boy had used web defacement techniques such as :-Reply
(1) Cross-site scripting
(2) Sql injection
etc. - by exploiting the vulnerability (the photo of old announcement) to insert statement to the official site.
This boy is hacking at the programming - application and web layer.
I think he must be caught at the system level and the network level - if he is detected within 24 hours.
Obviously, he is a novice in system & network security - and will be trace and nap very quickly.
Johnny • Report Abuse
It's NOT hacking.
If you've seen the photo, the url of the page still shows "Mrs" instead of "Mr". The real article was regarding the late Mrs Lee.
Source: pmo. gov. sg/mediacentre/press-statement-prime-ministers-office-passing-mrs-lee-kuan-yew
The student is using Google Chrome. So what he did was simply right-clicking on the text - inspect element - edit the text in the coding section.
OR, he simply took a photo of the old announcement and photoshop it.
J
1users liked this commentThumbs UpThumbs Down2users disliked this comment
Regardless, we all condemn what the boy did.
This is no time to joke, prank, or spreading hoaxes about our founding father's health. I hope Mr Lee Kuan Yew makes a full recovery.
ricky l • Remove
@Johnny - went to the URL you indicated. It is the real announcement on Mrs Lee passing - 2010.
But could not find the boy's amended statement on the official site.
If the boy did not hack the website, how did he replace the hacked page into the official website?
r
ricky l • Remove
And cross site scripting, sql injection plus other techniques are ways of acquiring the privilege of the admin access to replace hacked edited webpage over the official web page.
r
ricky l • Remove
System log, access log, security log etc - will be able to time-stamp and date-stamp the unauthorised access and unauthorised action taken.
Anti-web defacement tools plus other security devices such as WAF, HIPS - will be able to detect such unauthorised action.
Network tracing can be done with network information captured by these devices - and this boy source address, system info will be captured and traced.
Johnny • Report Abuse
@Ricky. Exactly. He did NOT hack, therefore the article was NOT amended.
All he did was simply doing a code change in Google Chrome's to show a fake draft page. All he did afterwards was taking a photo with his phone to circulate it.
If you read the article closely, it is already stated: "Police said they believe the youth modified a photo of an old announcement from the prime minister's office and posted the altered image online."
Keywords: modified - photo. No mention of hacking or whatsoever.
Sometimes, you don't have to think so far fetch. Apply Occam's Razor.
ricky l • Remove
@Johnny, in that case the official websites is not hacked and was not replaced with hacked page as I read on some news.
There are no vulnerabilities on the PMO websites - as all vulnerabilities will have been plugged based on previous hacking attempt.
cross-site scripting, sql injection plus other hacking techniques can be protected with correct programming techniques.
Also the myriad of cyber security protection will have caught the intruders real-time - if hacking is done online.
ricky l • Remove
Read the Straits Time news again.
The charge on this boy is not hacking.
It is "making a fake announcement" to spread falsehood through circulating multiple messages."
Then the charge is appropriate.
The above yahoo article mentioned "the statement is posted online" - give the impression that the false statement is posted on the official site online.
ricky l • Remove
To conclude, what this boy do require very little technical skillset to commit.
Editing the web page just need 1 minute or less.
Circulating the edited web page in html is no brainer - because it does not require sophisticated programming skills, system skills and network skills to hack the website - which originally thought "unless the edited web page is posted online in the official site". Then this boy is a real IT whizkid - who can dodge cyberdefense.
But the damage can be huge - as even foreign media thought the edited web page circulated is from official site.
ricky l • Remove
Well the reason why I post is that ---- I thought the previous website vulnerabilities will have been resolved - when previously Anonymous hack the PMO site.
That is why wonder how come this boy can find similar vulnerabilities again - when the loopholes has been plugged?
Evidently, it is not the system vulnerabilities as wrongly understood from the news report.
Then good for our resilient cyber defense.
No comments:
Post a Comment