ANCYL.org.za must be the most frequently hacked site in South Africa, and every time it happens everyone has a huge laugh and celebrates like they just blew up the Death Star and it’s party time in The Republic. I, on the other hand, get chills down my spine.
Let’s face it, anyone with some time on their hands and a decent head on their shoulders can learn HTML, PHP, CSS, SQL and JavaScript and slap together a site. Before long, some clever folk might even consider selling their services to the first willing client, and because there is such a huge demand out there they are bound to get at least a dozen or two before they finish high school.
The result is that the internet is filled with millions of websites oozing with security problems. The biggest issue is that most of these problems go completely undetected by both the clients and the creators. Then, one day out of the blue, a slightly more clued-up bloke with a point to prove, or just for the hell of it, comes along and replaces your homepage with “0Wn3d”.
The reality is that most developers treat web security rather casually because most of them have never really faced a need to think about it too much. An alarmingly large number of them have also never been taught about security, even those from the most prestigious institutions.
So perhaps it’s time you start teaching yourself web security the way your future attackers picked up their skills… learn how to hack. There are a number of training grounds for young hackers on the web, hackthissite.org probably being one of the better known. Go find some video tutorials, spend some time on some forums, read some blogs and books on web security. And once you know the basics, make it part of your development process and hack your own websites to iron out vulnerabilities.
Sure, the earlier attacks on ancyl.org.za have not been very sophisticated, but they have become increasingly so. The guys behind the ANCYL website are fairly well-educated blokes, judging by their company site, but they have been ravaged by hackers over the years. This could happen to any of us, so pull your head out of the sand and make damn sure you know the threats out there.
If we have learnt anything from the last year, it is that even the largest organizations, from the FBI to Sony, can be brought to their knees by a guy behind a glowing LCD screen. We are all at risk. Be warned.