Monday, November 14, 2005

More on the airport...

My posts on the apparent security weaknesses of Riga International Airport's webserver have generated a freewheeling discussion, alas, in Latvian, which I can sum up as follows:

Anonymous (a frequent visitor representing different identities :) ) says that I am not knowledgeable about IT security issues and didn't know that what was done to the server was cross-scripting, something done by script kiddies and harmless. Although this technique could be used "to steal authentication information and small files" (?!), it would only affect portals with many visitors and not an informative site like www.riga-airport.com, where it could, at worst, be used to deface the site. Your blogger is, to rephrase anonymous, called an IT-ignorant running dog of the yellow press (ROFLMAO).

I reply that according to Wikipedia, cross-scripting is not a trivial problem.

Anon comes back and suggests I look for faults with the website of the Bureau for Protection of the Constitution (a kind of Latvian counterintelligence service).

BH comes in and supports this position, noting that the airport spokesman said a compromise of the intranet was possible, and BH also says that cross-scripting could be used to erase files. on the server.

Anon then wonders whether BH is a white hat hacker (my WhiteHat), which he is not.

So much for that so far...

1 comment:

Anonymous said...

'Sīkdatnes' doesn't mean 'small files', it is official Latvian term for cookies.