[ISN] Internet security in RP remains dismal, says Filipino hacker

InfoSec News isn at c4i.org
Tue Sep 21 05:31:25 EDT 2004


By Erwin Lemuel Oliva
Sept 20, 2004 

"The state of Philippine Internet security sucks," said a Filipino
whitehat hacker known as PI_Flashbulb during an e-mail interview with

This hacker who maintains a weblog under the same pseudonym claims to
have discovered numerous government and private sector websites that
were insecure.

"I am doing this just for fun. I could deface sites easily but it
never ever occurred to me to do it. Black hats immediately deface
sites that they found to be vulnerable. I have decided to go further
than that. Instead of defacing sites, I inform the site owners about
the vulnerability, an action no black hat would dare to do," the
hacker replied when asked about his intentions and motivations.

He said that he was not alone in his effort to increase Internet
security awareness in the country.

He said he is currently gathering other hacker friends to "map the
Philippine websites for vulnerability."

"There are about five people who are helping me map the Philippine
websites for vulnerability. Our number will increase in the coming
days as there are more e-mails whose senders are volunteering to help
me make the Philippine cyberspace more secure," the hacker said.

The Filipino hacker claimed he got the ire of local website
administrators after informing them of their website's

"The country has the best Internet administrators. But what hinders
them from doing their jobs are their superiors who do not know
anything about security; political appointees who cannot do anything
but wait for their fat checks. Good thing there are local Internet
service providers that are willing to teach Internet security for
free," the Filipino hacker added.

According to PI_Flashbulb, most of the Philippine websites he found
hackable were not using a good patch management system. But other
websites were vulnerable because of plain carelessness of the web

"Imagine writing the login and password in the source of the HTML
file," he said.

More information about the ISN mailing list