Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.x9200 wrote:Nothing mentioned above should ever happened. It is just security basics to keep such services apart from the Internet.
SINGAPORE EXPATS FORUM
Singapore Expat Forum and Message Board for Expats in Singapore & Expatriates Relocating to Singapore
Amusing.... Singapore to Hunt ‘Anonymous’ hackers
Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.
It's a completely different security level. If a teenager hacks a web page it is just within the category of loosing face. There are no other consequences of it so a commonly available software is used. It may have holes and bugs as any software and it can be exploited because it's available.JR8 wrote:Yah oso security basics to keep government offices, and the Prime Ministers Office more secure than so it can't be brought down ('for routine maintenance' of course) by a teenager. Now... what about someone/thing with some real mal-intent and the expertise behind it... what havoc could they wreak? To me, that is the wider point of note, that of course will be swept under the carpet.
For anything more critical there has to be right balance between accessibility and security and this includes this basic point: is there any reason why it should be hooked up to the Internet? If there is a need of remote communication I would rather expect a separate (physically) network to be built.
The worse the crisis they have facilitated, the more vital it is that they (not be sacked) but they use their unique knowledge to remedy the situation. After all (the theory goes, I think), only they can know how full of holes the system they created actually is.
However perverse, this is not an unusual argument.
p.s. What if Mossad, play at being a bunch of teenagers?
However perverse, this is not an unusual argument.
p.s. What if Mossad, play at being a bunch of teenagers?
Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.x9200 wrote:Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.
This will be controversial but I came to believe today that the whole thing about PM Lee's website being hacked by 'anon' is a false flag attack. The Gahmen has been trying to raise support (unsuccessfully) amoungst the populace for it's new internet policies and I think some sycophant cooked this up.
SCADA should never be on a shared network. However you're right... too many people link it in. The other that pisses me off is idiots thinking they need to run a browser on the internet AND their production plant mimic on the same PC.zzm9980 wrote:Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. You're much too logical of a person and are applying that logic to IT, where people sadly aren't always logical. When it comes to SCADA, too many under-qualified managers have made the security vs availability calculation on their own and decided that it must be on the Internet so it can be reached remotely NO MATTER WHAT DAMNIT in case there is a problem and it needs to be fixed.x9200 wrote:Yep, I believe you but we are talking about national power grid and the main country airport and air traffic control. If any of these was vulnerable to any form of Internet attack this would be IMHO a very good reason for the whole government to resign. I believe they are more than intelligent to take care of it.
Years ago, when I was supporting Firewalls, one of the minor govt agencies engaged our product for some solutions.zzm9980 wrote:Are we talking Singapore specifically or infrastructure in general? If the former, then yes I suspect they're at least adequately air-gapped from the internet and are beyond the reach of script kiddies. If the latter, then no don't be so confident. ..
They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..
And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...
And that was a very minor minor agency .. and that was more than 9 years ago ..
I am sure they have tightened up stuff much more in the 9 years since ...
to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..
If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..
Seems rather a coincidence. The hackers left a 'You've been hacked' message on the PMO website. So that cannot be denied. I see no mention of them also doing so on the other sites that went down at the same time.ecureilx wrote:
to those who believe that on 5th November SG Govt domains was downed .. personally I don't think so ..
If they were quick to admit part of PMO's website being hacked, .. why hide the larger story then ? just sayin ,..
Unannounced 'routine maintenance' across several government sites, during working hours on a weekday, at the same time as the PMO is hacked? That seems unorthodox, and one heck of a coincidence, don't you think?
- sundaymorningstaple
- Moderator
- Posts: 39773
- Joined: Thu, 11 Nov 2004 1:26 pm
- Location: Retired on the Little Red Dot
I don't think, in view of the threats, that it was coincidental at all. I would have shut 'em down for maintenance as well. This would have had a two-fold reason, one, to take down the target that the Anon would have been looking for and two, make sure they have hardened their defenses as best as they can under the circumstances. Makes sense to me. I'd have done the same thing.
SOME PEOPLE TRY TO TURN BACK THEIR ODOMETERS. NOT ME. I WANT PEOPLE TO KNOW WHY I LOOK THIS WAY. I'VE TRAVELED A LONG WAY, AND SOME OF THE ROADS WEREN'T PAVED. ~ Will Rogers
Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks
Looks like they got into the Istana site and AMK Town Council.
'Disruptions had occurred Saturday on more than a dozen of Singapore’s government-run websites, resulting in loss of accessibility for several hours. Authorities blamed the incident on technical difficulties that occurred during maintenance, though a self-proclaimed Anonymous member—in an email to U.S. Internet firm Yahoo Inc.'s Singapore news arm—has claimed responsibility for the disruptions.'
http://blogs.wsj.com/searealtime/2013/1 ... ster-says/
I think it was a government assertion (reported elsewhere in the media) that all these sites were down for 'routine maintenance'*, that caught my attention.
I wonder if all agencies that had their site taken down, share the same IT infrastructure. What ever happened to trigger this problem, that would seem like a significant risk/vulnerability.
Edit to add:
* http://www.euronews.com/newswires/21927 ... er-threat/
and
http://singaporedesk.blogspot.sg/2013/1 ... truth.html
http://en.wikipedia.org/wiki/October_20 ... berattacks
Looks like they got into the Istana site and AMK Town Council.
'Disruptions had occurred Saturday on more than a dozen of Singapore’s government-run websites, resulting in loss of accessibility for several hours. Authorities blamed the incident on technical difficulties that occurred during maintenance, though a self-proclaimed Anonymous member—in an email to U.S. Internet firm Yahoo Inc.'s Singapore news arm—has claimed responsibility for the disruptions.'
http://blogs.wsj.com/searealtime/2013/1 ... ster-says/
I think it was a government assertion (reported elsewhere in the media) that all these sites were down for 'routine maintenance'*, that caught my attention.
I wonder if all agencies that had their site taken down, share the same IT infrastructure. What ever happened to trigger this problem, that would seem like a significant risk/vulnerability.
Edit to add:
* http://www.euronews.com/newswires/21927 ... er-threat/
and
http://singaporedesk.blogspot.sg/2013/1 ... truth.html
Last edited by JR8 on Sat, 09 Nov 2013 3:30 pm, edited 1 time in total.
Those types of requirements are relatively common in IT Policies, and aren't really indicative that they have their shit together or not. It just means that someone wrote a rule, and they weren't going to budge from. Maybe the risk vs cost calculation supported that decision, or maybe no one thought to dare deviate from the written rules and make that calculation. The latter scenario is quite common in Singapore and Asia, I'm sure most of you would agree.ecureilx wrote: They had it so tight, when one of the Hard disk failed, they refused to return the failed HDD even though we needed it for RMA and investigation ..
And for another product, when one of the rules couldn't be supported, the Agency simply paid the vendor the full amount and just junked the stuff in the corner, than 'accomodate' the change, which would have not complied with requirements ...
And that was a very minor minor agency .. and that was more than 9 years ago ..
Gahmen want to unmask some of the perpetrators? Just modify the article to sound slightly condescending towards the attackers, or change facts to diminish what they accomplished. Come back in a few hours and see who edited it to change back.JR8 wrote:Maybe this gives a broad overview, of a developing picture... ?
http://en.wikipedia.org/wiki/October_20 ... berattacks
SG Government if you're reading, I'm available for part-time consulting at a low hourly rate. PM for details.

- Max Headroom
- Reporter
- Posts: 911
- Joined: Wed, 08 May 2013 11:31 am
- Location: Singapore
- Contact:
-
- Similar Topics
- Replies
- Views
- Last post
-
- 4 Replies
- 4251 Views
-
Last post by sundaymorningstaple
Mon, 05 Mar 2018 10:38 pm
-
-
Hired overseas for Singapore Company but stay in Singapore
by kevin_gray » Wed, 07 Mar 2018 1:53 pm » in Careers & Jobs in Singapore - 7 Replies
- 3962 Views
-
Last post by kevin_gray
Thu, 08 Mar 2018 8:18 am
-
-
-
Malaysians working in Singapore will be allowed into Singapore soon?
by abbby » Wed, 10 Jun 2020 9:31 am » in Business in Singapore - 0 Replies
- 1595 Views
-
Last post by abbby
Wed, 10 Jun 2020 9:31 am
-
-
-
Can Singapore citizens work in International Schools in Singapore?
by doitenah » Thu, 23 Jul 2020 1:06 pm » in Careers & Jobs in Singapore - 5 Replies
- 2331 Views
-
Last post by PNGMK
Sat, 25 Jul 2020 3:48 pm
-
-
-
Singapore EP or Australia PR or Singapore PR
by anujhbaggha » Wed, 10 Mar 2021 12:00 pm » in Staying, Living in Singapore - 8 Replies
- 2933 Views
-
Last post by PNGMK
Thu, 11 Mar 2021 2:07 pm
-
Who is online
Users browsing this forum: No registered users and 4 guests