National Government Servers Hosting Phishing Sites

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via the Symantec Security Response Blog.

[snip]

In recent months, Symantec has detected a number of phishing sites that
have been hosted on government URLs. In June alone, phishing sites were
identified on government sites from the following countries: Thailand
(.go.th), Indonesia (.go.id), Hungary (.gov.hu), Bangladesh (.gov.bd),
Argentina (.gov.ar), Sri Lanka (.gov.lk), Ukraine (.gov.ua), China
(.gov.cn), Brazil (.gov.br), Bosnia and Herzegovina (.gov.ba), Columbia
(.gov.co), and Malaysia (.gov.my).

This might come as a surprise to some people, as governments are thought to
have very secure computer systems. However, the quantity of phishing sites
hosted on government domains around the world seems to suggest otherwise.

[snip]

More:
http://www.symantec.com/enterprise/security_response/weblog/2007/07/governm
ent_servers_hosting_phi.html

Note:

While this is not really news to anyone working in the security
industry, it may indeed be news to others outside of those circles.

It does, however, illustrate that the state of website security is
amazing poor these days, and websites that appear to be "official"
are not immune to compromise if they implemented poorly and/or
insecurely.

$.02,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGlnjzq1pz9mNUZTMRAraZAKCEWppyDqLgPlViO0iIVBrvVMdAkwCglFij
G7GzlHkaB6SkCTffcUlzwYM=
=Zk5J
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.