On DOST-ICTO, PH Government Websites Security and PDAF Piggyback Conspiracy Theory

I stumbled upon some announcement via Official Gazette. It’s some sort of preso from DOST-ICTO discussing compromised government websites and the need for secure web hosting (see quoted text below). As much as possible I avoid writing about politics here at menardconnect.com. But just like with the RA 10175: Philippines Cybercrime Prevention Act, I will take some exception and write about it here as this topic got multiple intersecting interests of mine (haxing, infosec, security, and philippine politics). Quoting Official Gazette:

DOST-ICTO: Hacked government websites highlight need for secure web hosting

From the Department of Science and TechnologyInformation and Communications Technology Office
Published: August 26, 2013. Latest update: August 26, 2013.

The hacking of at least thirty government websites of supposedly local hacker groups sympathetic to today’s pork barrel protest action highlights the need for secure web hosting for government agencies and services.

DOST – Information and Communications Technology Office Executive Director Louis Casambre mentioned that: “This recent spate of website defacements goes to shows the serious need for the Government Web Hosting Service (GWHS ) especially since gov’t websites will more and more be leveraged to deliver public services.”

Administrative Order 39 (AO39) was enacted on 12 July 2013 mandating all national government agencies, government financial institutions, and government-owned and controlled corporations to have their websites hosted under the new GWHS which will be provided by the DOST ICT Office. “GWHS development is progressing and will be online as scheduled as per AO39.” Usec. Casambre Added.

The webpage defacements are deemed to be a protest action supporting the Million People March in Luneta. “No critical online services were affected and it seems that it wasn’t the intention of the community to cripple critical information dissemination websites and services of the government. We would like to request our hacking community not to target such sites.” said Casambre.

The Information and Communications Technology Office of the Department of Science and Technology is the Philippine Government’s lead agency on ICT related matters. Its primary thrusts are in the ICT Industry Development, eGovernment, ICT policy development, Internet for all and Cybersecurity

 

Read full text and links at

http://www.gov.ph/2013/08/26/dost-icto-hacked-government-websites-highlight-need-for-secure-web-hosting/

Now my personal comments and insights:
1. First, this is good news. Any move improving the security posture of the government (and government websites) is welcome news for me and a lot of Filipinos out there. I just hope that your agency continue this with concrete actions.

Now on to more serious stuff…
2. As The Black Eyed Peas song goes… “I’m so three thousand and eight, You so two thousand and late.” Yes, this announcement is so 2000 and late!!! As I tweeted earlier in twitter (“Huli man daw at magaling. LATE PA RIN“). Nuff said on the timing.

3. Trigger for this PR: Hacking of at least 30 government websites in relation to the recent pork barrel/PDAF protest actions.

Why single out the recent 30-ish defacements? Are you DOST-ICTO folks doing some piggyback on the popularity of pork barrel/PDAF protests and issue?

Piggyback and Pork BarrelAng galing pala ng word-combo ko kaya ilalagay ko sa title yung PDAF/Pork Barrel Piggyback Conspiracy Theory!!!
4. Quote and quote “We would like to request our hacking community not to target such sites“, said Casambre.
To Usec. Casambre, are you really sure you are requesting for this??? Official statement at request nyo po ba talaga ito? Baka kase misquoted lang.

5. RE: <DOST-ICTO> is the Philippine Government’s lead agency on ICT related matters. Its primary thrusts are in the ICT Industry Development, eGovernment, ICT policy development, Internet for all and Cybersecurity.
I am amazed by the keywords and buzzwords for this government office. “lead agency” + “primary thrusts” + “Cybersecurity“. But given the technical depth and logical reasoning  on this PR all I can say is “Oh my!!!”
Seriously, DOST-ICTO folks may need to rethink and re-strategize (and then synchronize the overall plan with the PR/Marketing machine). My 2 cents…

Before I end this post, some disclosure:
I work at Trend Micro. The views expressed in this blog post are my personal opinion and do not represent my employer’s positions, strategies or opinions.
To know more on what I do full-time kindly visit my linkedin page and my blogs about page.
To know more about my blog’s full disclosure policy, kindly visit my blog’s disclosure page.

World of Warcraft Patch 5.4: Siege of Orgrimmar

Blizzard posted the official trailer of WoW Patch 5.4: Siege of Orgrimmar this week. Yes Orgrimmar will be under siege by both The Alliance and The Horde (see my previous post related to this topic)

wow-5-4-sieg-of-orgrimmar
Image: screencap from Youtube video

It’s really exciting so I am sharing it here at menardconnect.com. Watch it:

Here is the transcript of the Siege of Orgrimmar video (courtesy of Feronar from US-Lightbringer Server with some minor edits c/o me)

Garrosh Hellscream (G.H.): Hmmm… it thirsts. Bring it to the pools!
Taran Zhu (T.Z.): Enough!!! You have run rampant for far too long, Hellscream. But that stops now.
G.H.: Hahahahaha… Step aside, Pandaren. You confront a force beyond reckoning.
T.Z.: Your father dabbled in powers beyond reckoning. Where is he now?
G.H.: Rrrryyaaaaahhhh!
T.Z.: I have fought beside the Tauren, Trolls, and others. You are nothing like them!
G.H.: They are no longer a part of my Horde!
T.Z.: The world will hear of this. *cough* They will come for you.
G.H.: Yes. I’m counting on it. The armies of the world will come for me, and within my fortress, they will face all the terrible creatures I have wrought, the boundless power I have mastered, and one by one, they will fall at my feet. Anyone who would rise against my new horde will be impaled upon the spires of Orgrimmar! You, Pandaren, tried to bury your hate and your anger, but such power can not be contained. It must be unleashed!
T.Z.: A time will come when you will answer for your crimes!
G.H.: I answer to no one!
G.H.: All who challenge me will burn in the fires of my hatred!!!

Some video highlights for me:

1:20: I love how Taran Zhu taunts.

1:43: Gorehowl up for grabs!

1:55: In your face! Take that Garrosh!!!

Lowlights at 2:16 and 3:06 🙁

The youtube video was published on August 15, 2013. Quoting the description in youtube:

The official trailer for World of Warcraft Patch 5.4: Siege of Orgrimmar.

Garrosh Hellscream’s treacherous excavation of the Vale of Eternal Blossoms has finished with sinister results — not just for Pandaria, but for all Azeroth.

In a compound beneath Ragefire Chasm, Garrosh has infused his followers — the ‘true Horde’ — with the pilfered essence of the Old God Y’shaarj. With the power of a primordial world-twisting force at his command, Garrosh can rebuild the Horde in his image: strong, obedient, and, most importantly, ‘pure’.

Vol’jin’s attempts to lead Horde rebels into the capital of Orgrimmar haven’t gone unnoticed — and the mightiest heroes of the Alliance have stepped in to siege one of their enemies’ most prized cities. Will the Alliance be content with overthrowing a despot, or will they crush the Horde at one of the most vulnerable points in its history?

New Raid: The Siege of Orgrimmar
– The Siege of Orgrimmar is a 3-wing, 14-boss raid for max-level players, which will call you to take down Warchief Garrosh Hellscream at the head of a host of Azeroth’s finest.

New Raid Mode: Flexible
– Raid with a group of friends and guild mates regardless of server, and with any group size from 10 to 25, and the difficulty will automatically adjust to provide an appropriately challenging experience.

New Feature: Proving Grounds
– Undertake solo trials to practice or learn a new class role (Tank, Healer, or Damage). Each trial is available in multiple difficulties — Bronze through Gold and the challenging ‘Endless’ mode.

New Zone: The Timeless Isle
– Giant outdoor zone promoting open-world adventuring with tons of hidden treasures, giant creatures to defeat, five world bosses, a pet battle tournament, and much more!

Legendary Quest: Judgment of the Black Prince
– The epic conclusion to the Legendary quest line will see players rewarded with unique cloaks imbued with powerful new abilities.

New Feature: Connected Realms
– Lower population realms will be permanently and seamlessly “linked.” Players on the same Connected Realm will be able to trade, send and receive mail, join the same guilds, access a single Auction House, run the same Raids and Dungeons, and join other adventurers to complete quests.

PvP: Redesigned Arena System
– Arenas are no longer tied to specific Battlegroups, and players no longer need to create or join an Arena team to compete. Similar to the Rated Battleground system, players in a party of the appropriate size can queue.

I have watched related videos and it got very interesting storyline. Will do a follow up post on this patch over the weekend 🙂 For now I need to do some training and preps!!!

For more details on the World of Warcraft Patch 5.4: Siege of Orgrimmar kindly visit

http://us.battle.net/wow/en/blog/10158897

To end this post: let me leave some one-liner to Garrosh: “We will come for you and you will answer for your crimes!!!”

Power User Group Shoutout: Mac Power User and DirectPass 2.0

Are you a Mac power user?

Do you want some free Trend Micro gift items?

Do you want some Sodexo Gift Checks?

If you’re answer is YES to the questions above, then I’ve got great news for you…

My teammates at TrendLabs will be having a Mac Power User event on Saturday, August 17, 2013 1pm-4pm. They are looking for tech-savvy Mac owners who would like to participate in some intensive and exciting testing with our Mac OS security solution, DirectPass 2.0, a password management solution.

directpass_boxshot

Image Credit: www.trendmicro.com

So what is DirectPass?

Trend Micro™ DirectPass™ is Trend Micro Password Manager solution. It manages website passwords and login IDs in one secure location, so users only need to remember one password. Other DirectPass features include: keystroke encryption, secure password generation, and a secure browser.

You think you fit that criteria for Mac Geek? then register via this surveymonkey link

All qualified participants who will attend the Power User event will get a Trend Micro gift item and Sodexo GC. If you are really lucky + uber-geeky and can find some critical bug, you might also win bigger prizes.

Registration closes on Friday August 16, 2013, 12 noon (GMT+8)

Feel free to forward this blog post to your friends (online and in-real-life), family members, relatives or classmates to share this wonderful opportunity with them. If you have Facebook/Twitter/Google+/Linkedin/etc, feel free to share/tweet/+1 this blog post too so that others can know about it.

And of course the traditional disclaimer at the end of the post:
I work at Trend Micro. This blog post is _NOT_ a paid post by Trend Micro. The information contained in this post is taken from Trend Micro Beta Team members. To know more on what I do officially full-time kindly visit my about page or visit my linkedin page. To read my blog’s disclosure policy, kindly visit my disclosure page.