Cyber space poses an important role in the national security. A country should also remember to provide security in cyber space. But the government fails to concentrate on cyber security that lefts most of the government sites vulnerable to hack.
The security breach of Royal Thai Navy website(www.navy.mi.th) is best example for this - the navy of Thailand and part of the Royal Thai Armed Forces.
A hacker with twitter handle @WilyXem has discovered a SQL Injection vulnerability in the Thailand navy website. He managed to exploit the vulnerability and compromised the target database.
Earlier today, the hacker posted a link to the dump in twitter(sprunge.us/YHHf). The dump contains database details including database name, version, table details. He also provided a Proof-of-Concept of the SQL injection vulnerability.
The hacker also leaked 3 tables namely membern, personalacc, personalacc1 that contains username and passwords in plain-text format.
It is really sad to know that the passwords are being stored in plain-text format. But it won't take much time for a hacker to crack, even if there is an encryption. Because they use very weak password.
India will soon have National Cyber security Policy that will ensure appropriate measures to tackle cyber crime and cyber attacks, Indian Government officials said.
"We are working on a cyber security policy. We need more work to curb cyber crimes," SiliconIndia News quoted Minister for Communications and Information Technology Kapil Sibal as saying.
In a press report published today by NIC,Minister of State in the Ministry of Home Affairs Shri R.P.N.Singh in Rajya Sabha stated that Government is taking various measures to ensure necessary awareness and robust security system in all the critical Government agencies.
The officials advised All Central Government Ministries / Departments and State / Union Territory Government to do security auditing of entire IT infrastructure including websites.
To prevent Government websites are being hacked by cyber criminals, NIC will not host websites which are not audited with respect to cyber security.