
Comelec Database Was Exceptionally Easy To Hack – Expert


Even a child could do it

We’re all still reeling from the hack that exposed almost 55 million people to unnecessary fraud risk, and more details of the biggest government-related hack are still filtering through. We had a hunch that Comelec’s security surrounding the database of all the voters wasn’t the best, but Troy Hunt, the creator of haveibeenpwned.com, says that the hackers didn’t have to be geniuses to get the database.

When asked in an interview with GMA News Online to describe how easy it was to take the information from the Comelec, Hunt responded, “Exceptionally easy. The video I saw showed a SQL injection risk being exploited. This is the biggest—and one of the most well known—risks we have on the web today. It’s also one of the easiest to exploit and we often see children using it to compromise websites.”

Hunt also observed severe security lapses that enabled the attackers to get access to the data.

“There was also definitely no formal security review of the website as these were very obvious flaws. For a government site of this nature, you’d expect to see proper review,” he said.

The worst part is that better security for the database wouldn’t have cost an arm and a leg.

“The secure software development patterns that would have prevented this are free,” he said.

Source

 

John Nieves

John is a veteran technology and gadget journalist with more than 10 years of experience both in print and online. When not writing about technology, he frequently gets lost in the boonies playing soldier.

9 Comments

  1. Government websites get hacked and other public services fail for one simple reason: corruption. If government agencies had proper funding, they could get the right people and equipment for physical and cyber security. If the damned directors of each agency weren't fattening their bank accounts, public service wouldn't be compromised. This isn't only the national government's fault; it's also the fault of those who skim a little at a time from each agency. Let hackers try to touch Singapore's websites and they'd get the death penalty in the plaza as soon as they were caught. Don't be a stupid voter; choose government officials who can make us a first-world country, and whose arrests aren't all just press release, like granting bail to Napoles.

  2. COMELEC HAS TOTALLY LOST
    ALL THE REMAINING CREDIBILITY
    THAT IT BEARS… IF THERE’S
    STILL ANY LEFT.

    THE ONLY HONORABLE
    WAY OUT NOW IS FOR ALL THE
    COMELEC LEADERSHIP TO RESIGN
    & SAVE FACE NOT ONLY FOR
    THEMSELVES BUT FOR COUNTRY
    AS A WHOLE…

    ANYTHING LESS IS UTTER
    STUPIDITY & “SHAMELESSNESS”
    !!!

    THE FILIPINO IS HONORABLE…
    HE IS NEVER STUPID
    & NOT “SHAMELESS” !!!

    GOT THAT, COMELEC ???
    NOW SHOW US YOUR TRUE FACE…

  3. After all of this, COMELEC will just say “sorry”… well, we feel ashamed on your behalf. Be responsible, you're all excuses… you rotten lot!!!

  4. Damn the developer of this, SQL injection? What kind of dev are you? You let SQL injection happen in your system!? (and a government system at that!) Damn it, you can't even do a simple preparedStatement! And this damned COMELEC too! You already corrupted the budget on your VERY SLOW server, and you didn't even look for a good developer for your page!!!
