The ObUK website has been hit now a few times by hackers, and although people's passwords are not openly being displayed on the site, a determined hacker could get hold of them.
It’s been suggested to me that I should hold the passwords as a hashed character string (via an algorithm), and hence the site (and me) would not know your password.
This means that “the hacker” could not retrieve the password from the site.
However, this does mean that I can’t send you your password if you forget it (I would not have it). But I would do my best to reset it for you if requested (e.g. if you forget it).
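As an added illustration of what "holding the passwords as a hashed string" means in practice, here is a small login table that stores salted, deliberately slow hashes instead of passwords. This is example code written for this page, not the ObUK site's own code and not the changes Mike Aubury suggested; the iteration count, salt size and the two sample accounts are assumptions chosen for the demonstration. It uses only Python's standard library.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed parameters for the example. 600,000 PBKDF2-HMAC-SHA256 iterations is
# a commonly recommended figure; tune it so one hash takes a noticeable fraction
# of a second on the server that runs logins.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$hash.

    A fresh random salt per user means two people with the same password get
    different records, and a precomputed table of hashes is useless.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt_b64, hash_b64 = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def build_user_table(credentials: Dict[str, str]) -> Dict[str, str]:
    """Constructed sample of what the site keeps after the change: usernames map
    to hash records, never to the password itself."""
    return {user: hash_password(pw) for user, pw in credentials.items()}


def login(table: Dict[str, str], username: str, password: str) -> bool:
    stored = table.get(username)
    if stored is None:
        # Hash anyway so a missing username is not faster than a wrong password.
        hash_password(password)
        return False
    return verify_password(password, stored)


def reset_password(table: Dict[str, str], username: str, new_password: str) -> None:
    """Admin reset: the old password cannot be read back from its hash, so the
    only option is to replace the record with a hash of a new password."""
    table[username] = hash_password(new_password)


if __name__ == "__main__":
    # Sample accounts are constructed for this example.
    users = build_user_table({"alice": "correct horse", "bob": "hunter2"})
    for user, record in users.items():
        print(user, record)          # the password never appears in the record
    print(login(users, "alice", "correct horse"))  # True
    print(login(users, "alice", "wrong"))          # False
    reset_password(users, "bob", "new passphrase")
    print(login(users, "bob", "hunter2"))          # False after the reset
```

The choice of hash function matters as much as the decision to hash. A fast, unsalted digest such as MD5 or SHA-1 can be brute-forced at very high speed against a stolen table, whereas a salted, slow function like PBKDF2 above (bcrypt, scrypt and Argon2 are the usual alternatives) makes each guess expensive. That is what turns "the hacker could not retrieve the password" into a reasonable claim, though a very weak password remains guessable however it is stored.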
To this end I did the necessary changes to the site on Wednesday 16th August. The site went down for a short period whilst the changes were made, but once back up again it ‘looked’ no different. (You still use your username and password to login.)
Thanks to Mike Aubury for pointing me in the right direction to enable me to do the coding changes. As he said to me, if the hackers are determined to break into the site they will find a way, but this is a necessary step.
So what are hackers?
The term black hat differentiates criminal hackers from white hat and grey hat hackers. These categories come from a trope in Western movies, where the heroes could be identified by the white hats they wore and the villains by their black hats.
A white hat hacker, or ethical hacker, is the antithesis of a black hat hacker. White hat hackers are often hired by organisations to conduct penetration tests and vulnerability assessments on their systems in order to improve their security defences. They run tests and attacks against websites and software to identify possible vulnerabilities, while following established rules such as bug bounty policies, and they notify the affected vendor of any issues directly so that a patch can be released to fix the flaw.
A grey hat hacker operates with more ethical ambiguity: while they do not break into systems with the malicious goal of stealing data, they may be willing to use illegal methods to find flaws, expose vulnerabilities to the public, or sell zero-day exploits to government and intelligence agencies.
A black hat hacker is typically one who engages in cybercrime, using hacking for financial gain, cyberespionage, or other malicious motives.
So far the hacks into the ObUK website have resulted in ‘invisible’ links to porn sites (why do they do that?), which has caused Google to put warnings in their search engine (saying the site ‘may have been hacked’). I then go in and remove the links and get Google to re-analyse the site to remove the warning.
Time consuming and pointless!
Let’s hope they leave us alone in the future.