SA hack attack retaliation: Government brings in own hackers

Beri

Expert Member
Joined
Sep 26, 2006
Messages
4,346
Because they do not have experts in the department that can do anything about it.
 

Peon

Expert Member
Joined
Sep 28, 2006
Messages
3,430
And they probably wont get paid..... will wait and wait and wait and will never get paid by this dirty rotten scum called government.
 

House

Banned
Joined
Aug 17, 2006
Messages
5,482
For those with the knowledge, they will know that Sita has no qualified developers. They will employ any person who has enough knowledge on how to start up and shut down a computer. The agency does not have the funds to employ qualified developers or security analysts. The pressure they now received from the police and government is forcing them to bring in people with a bit more knowledge from the outside.

Unfortunately, these people will also not be able to withstand the full onslaught a group like Anonymous could bring upon servers hosted by them. This will yet again be a futile exercise and a huge waste of money the Government will pump into Sita to employ these 'hackers'.

What they should do is to employ full-time qualified programmers and IT Security personnel. They should re-think the current servers, and start building all Government related websites from scratch. With the right security personnel and well coded websites, they should be in a position to secure government websites and prevent normal hacking practices.
 

Peon

Expert Member
Joined
Sep 28, 2006
Messages
3,430
For those with the knowledge, they will know that Sita has no qualified developers. They will employ any person who has enough knowledge on how to start up and shut down a computer. The agency does not have the funds to employ qualified developers or security analysts. The pressure they now received from the police and government is forcing them to bring in people with a bit more knowledge from the outside.

Unfortunately, these people will also not be able to withstand the full onslaught a group like Anonymous could bring upon servers hosted by them. This will yet again be a futile exercise and a huge waste of money the Government will pump into Sita to employ these 'hackers'.

What they should do is to employ full-time qualified programmers and IT Security personnel. They should re-think the current servers, and start building all Government related websites from scratch. With the right security personnel and well coded websites, they should be in a position to secure government websites and prevent normal hacking practices.

Our governpigsment is only competent enough to read your first sentence.
 

RichardG

Honorary Master
Joined
Apr 6, 2005
Messages
11,687
Only 1 department that is functioning properly is S A R S... They've the budget allocated to them to make things possible.
 

rrh

Expert Member
Joined
Nov 29, 2005
Messages
3,796
sql injection is not a hack attack it's poor coding

+100

SQL Injection is:

  1. The most written-about weakness in websites;
  2. Is the easiest to prevent;
  3. Can be detected using free tools.
and yet is still the most common reason quoted when a website is hacked.

The responsible programmers should not only be fired: they should be sued ...
 

elvis_presley

Expert Member
Joined
Sep 5, 2007
Messages
3,372
For those with the knowledge, they will know that Sita has no qualified developers. They will employ any person who has enough knowledge on how to start up and shut down a computer.

Check their "vacancies" page - if what you're saying is true, then all the junior guys on this forum should apply for those jobs - if they indeed ignore the qualifications and experience then there's some cushy R500k - R1mil/year jobs going for anyone who can turn a computer off and on.

A site having been hacked doesn't indicate the entire organization from top to bottom is useless. These breaches happen - even Apple had a high-profile dead-easy noob hole in its systems a while back - it doesn't make it right, but things slip through the gaps sometimes, and the act of using white-hat hackers is common globally. It's good that we're catching up to the rest of the world in involving these guys.

Edit: Search google news for "sql injection" ... just the first page has injection hacks into Yahoo, various Saudi government websites, and giant sites like LivingSocial. This doesn't provide our government with an excuse for its vulnerability, but we have to put it in perspective.
 
Last edited:

Roadrunner

Expert Member
Joined
Jun 11, 2008
Messages
1,653
Check their "vacancies" page - if what you're saying is true, then all the junior guys on this forum should apply for those jobs - if they indeed ignore the qualifications and experience then there's some cushy R500k - R1mil/year jobs going for anyone who can turn a computer off and on.

Most of us have been deemed unfit by virtue of the specific color of the light spectrum that we reflect, so they can shove those jobs where the sun don't shine and continue to battle the hackers with less skilled employees ad anfinitum.
 

elvis_presley

Expert Member
Joined
Sep 5, 2007
Messages
3,372
Most of us have been deemed unfit by virtue of the specific color of the light spectrum that we reflect, so they can shove those jobs where the sun don't shine and continue to battle the hackers with less skilled employees ad anfinitum.

The few I checked weren't BEE posts. I deal with a number of IT departments of government in my work, from time to time, and it's clear the BEE doesn't apply to these posts. For whatever reason, IT isn't a career path that tons of the ... less reflective South Africans embark on. It's one of the market segments that I see fairly immune to BEE requirements, just based on the labour pool makeup and industry requirements.
 

biometrics

Honorary Master
Joined
Aug 7, 2003
Messages
71,861
Its a hack exploit. Still hacking.

Agreed. But it's low hanging fruit that the lesser skilled can find easily with freely available tools (I'm educated guessing since I've never bothered). Aka script kiddies.

Finding and exploiting zero day buffer overflow exploits takes serious skills.

Btw ghoti, have you seen this? http://www.simseer.com
 

w1z4rd

Karmic Sangoma
Joined
Jan 17, 2005
Messages
49,557
Agreed. But it's low hanging fruit that the lesser skilled can find easily with freely available tools (I'm educated guessing since I've never bothered). Aka script kiddies.

Finding and exploiting zero day buffer overflow exploits takes serious skills.

Btw ghoti, have you seen this? http://www.simseer.com

Ive learnt most of those scripts (especially the more leet ones) require levels of skills and understanding about technologies that doesnt make me brush them off to quickly as kiddies. Buffer overflows usually require some kinda access to the target. Very seldom are they remote 0 days. Which is where the scripts come in.

But yeah, you are 100% right. Low hanging fruit which is why I tuned that hacker I would only respect him if he did something leet, like expose corruption of leak those zuma tapes :D
 

Compton_effect

Honorary Master
Joined
Sep 7, 2006
Messages
12,293
I've had exposure to a few IT departments of government agencies and parastatals. Which is why I now only focus on the private sector.
Those places are toxic and always end with a WTF moment. 'Senior' staff who would not get a real IT job if their lives depended on it, contractors milking them for everything they are worth, a few dedicated and brilliant people keeping things going.... Those places are a dead zone.
I'll never forget the one - (Tall Building in Pretoria, has a lot of empty vaults in the basement and a big picture of the Randela on the side). One contractor was asked to leave a meeting because he wasn't wearing the correct color tie.
 

Unhappy438

Honorary Master
Joined
May 25, 2011
Messages
22,234
Only 1 department that is functioning properly is S A R S... They've the budget allocated to them to make things possible.

Well thats the source of money for corrupt Zuma and the rest of his cronies. If SARS doesnt function properly, no lavish parties or Zumaville.
 

rrh

Expert Member
Joined
Nov 29, 2005
Messages
3,796
Its a hack exploit. Still hacking.
Leaving a website open to an SQL injection attack is roughly the equivalent of leaving your car in public parking with all windows turned down (i.e. wide open) and the keys in the ignition ...
 

Petec

Expert Member
Joined
Mar 22, 2012
Messages
2,692
sql injection is not a hack attack it's poor coding

Exactly! Oh boy the cANCer, has absolutely no clue of the shiitstorm coming their way. Any you know what is going to happen?

Reports like: "Our most valiant efforts of cyber security are being thwarted by these bloody aygents, and as such our Prez4Life™, has just now signed into law, that all internet connections, sms and telephonic communications can be monitored."

*throws hands in air in disbelief*
 
Top