And with a name like FETA, I was rather expecting it to point to a site in Greece...
Hackers turned the Forth Road Bridge website into a filth jamboree after breaking into its systems to plant script designed to redirect surfers to a Turkish site hosting malware. According to Scottish security outfit Roundtrip Solutions the website of the Forth Estuary Transport Authority (www.feta.gov.uk), which runs the …
Before the inevitable stream of joky comments about porn and the weaknesses of various operating systems start to flow in......
It really is about time that web-hosting organisations got their acts together and took the security of their clients seriously. There's no excuse for selling a service and then failing to be diligent in keeping on top of vulnerabilities. This was no new exploit and proper vunerability management should have picked it up. A lot of large organisations use these people and the get out of jail free card always seems to be 'Oh well, there's no company information held there so its ok'. Well actually, it isnt. These people are creaming large amounts of money of the organisations they serve and they really need to sort themselves out.....
...I've seen this happen before - domains that expire and get snapped up, hacked sites, and they lead to porn.
But does this actually work? Who the hell goes to the web site for Forth Road Bridge, sees porn instead, and goes, "Hey, if there's no bridge, I might as well have a jolly good w*nk!"?
I just don't get it.
"It really is about time that web-hosting organisations got their acts together and took the security of their clients seriously."
While I certainly agree that many organisations need to look a lot more seriously at how they control the security of their equipment and websites, I think it's somewhat heavy handed to just assume that the fault here was with the sites web hosting company.
From the limited information given about what happened here it sounds very similar to a large number of hacks which were done at the end of last year covering thousands of different web sites, pointing visitors towards malicious .js pages to install malware on their machines. In that case it was actually a SQL injection attack that caused the problem, and I wouldn't be suprised if the same was true here.
Now since in many cases (I'd even hazard to say most) the company that hosts the webserver is not the same as the one who designs and develops the website, perhaps you should be directing your annoyance at the developers who are not preventing the SQL injection, rather than the poor hosting guys who have no control over the website code running on their servers.
Look lots of bridges have web sites, for instance:
Yes, I've walked over it. Quite nice on a Sunday Afternoon in summer with ones wife. The problem is that the people who run it seem to want nobody to use it, and keep doing other stupid things (Ferries, Raising tools, etc.). For an (almost) 70 year old it has held up quite well.
p.s. I had an uncle that provided some radios during construction.
Biting the hand that feeds IT © 1998–2021