Belgian Police Website Defaced (again)

0wn3d! For the 4th time, a Belgian police website has been defaced last weekend (news in French). That leads me to several questions…

In Belgium, there are several (196!) Police zones and Federal police services. I can totally understand that those services does not have the same needs in terms of communication (ex: a local zone is much closer to people and has to answer basic day-to-day questions). But why do so much zones manage their own web site. An example?

The last defaced site www.zpnivellesgenappe.be: This domain is hosted by jexiste.org:

$ dig zpnivellesgenappe.be ns|grep ns
; <<>> DiG 9.3.1 <<>> zpnivellesgenappe.be ns
;; global options:  printcmd
;; Got answer:
zpnivellesgenappe.be.   64641   IN      NS      ns1.jexiste.org.
zpnivellesgenappe.be.   64641   IN      NS      ns2.jexiste.org.
ns1.jexiste.org.        64641   IN      A       87.98.193.135
ns2.jexiste.org.        64641   IN      A       84.207.24.15

and the website is hosted by ovh.net:

$ whois -h whois.ripe.net `host www.zpnivellesgenappe.be`|\
grep desc
descr:          Ovh Systems
descr:          OVH ISP
descr:          Paris, France
descr:          OVH ISP
descr:          Paris, France

Other examples?

So, what about a “federal service provider” which could provide domain registrations and webspaces on a safe infrastructure managed on a central point? All local zones could have their own “web space” to put their own information online.

Each zone could have its own communication tools (there are forums, RSS feeds,…) and its own look but on a pure security point of view, they don’t have to worry (but do they worry?) about all security aspects. Just my two cents…

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.