2010/08/30

Ghana web Security and code practice Pt1

I was considering not blogging again, but when I think of it I really
need to, because people and especially developers need to read stuff (or shit)
like the ones I write. I hate to write, main reason why I quit a lot of jobs;
but not when it's very important.

This brings me to today's blog post: Ghana, yes, that beautiful nation that is in
my "opinion" slowly drowning herself because of her ignorant children.
Developers in Ghana have the habit of copy and paste and drag n drop, at least with
the most I have seen. For example, I saw a guy at Swanzy (a shopping arcade) and he
says he wants to configure a Cisco router and he needs an IBM T41/42. I asked, can't you
use something else, and he says I don't want to suffer (meaning he doesn't want to hack it),
I want to do "exactly" what is in the book. Only thing I could say after that was
I'm no "robot".

I have worked, hired and fired developers as the IT manager of a firm in East-Legon,
all because of two things, "code design" and "security"; you can't give me a very
unmaintainable code and poor design for approval or appreciation, and to worsen the case
the code is open to a lot of security issues. This may seem harsh, but I have watched
and monitored University of Ghana's website get hacked and remain hacked for 2 years+
till present day.

Proof
In the source of University of Ghana Legon (ug)'s mother site and some pages there is
a hidden CSS that advertises viagara, which leads to a teacher/student tutorial site.

Tech Details:
    CSS class name: .RUACZA
    After the style there is a div that
    contains the advert.

Verify:
    Go to http://www.google.com and input
    viagara site:ug.edu.gh
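
A site owner can check their own pages for the pattern under Tech Details (a style rule followed by a div that carries the advert) with a scan like the one below. This is an added example, not code from the original post: the post does not say how .RUACZA hides the div, so the list of hiding declarations is an assumption, and the sample page and its URLs are constructed.

```python
import re
from html.parser import HTMLParser

# Assumed set of CSS declarations used to hide injected spam blocks.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
RULE = re.compile(r"\.([A-Za-z_][\w-]*)\s*\{([^}]*)\}")   # .class { body }
VOID = {"br", "img", "hr", "input", "meta", "link"}       # tags with no end tag

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_classes = set()   # classes whose rule hides the element
        self.findings = []            # (hiding source, href) pairs
        self._in_style = False
        self._stack = []              # per open element: hiding label or None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._in_style = self._in_style or tag == "style"
        label = "inline-style" if HIDING.search(a.get("style") or "") else None
        for c in (a.get("class") or "").split():
            if c in self.hidden_classes:
                label = "." + c
        # An element is hidden if it, or any open ancestor, is hidden.
        hidden_by = label or next((l for l in reversed(self._stack) if l), None)
        if tag == "a" and hidden_by and a.get("href"):
            self.findings.append((hidden_by, a["href"]))
        if tag not in VOID:
            self._stack.append(label)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
        if tag not in VOID and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        if self._in_style:            # collect classes whose rule hides content
            self.hidden_classes.update(
                name for name, body in RULE.findall(data) if HIDING.search(body))

def find_hidden_links(html):
    """Return links that sit inside elements hidden by CSS declared earlier."""
    parser = HiddenLinkFinder()
    parser.feed(html)
    return parser.findings

# Constructed sample page: a normal menu plus an off-screen div carrying a link.
SAMPLE = """<html><head><style>.RUACZA{position:absolute;left:-9999px}
.menu{color:#333}</style></head><body>
<div class="menu"><a href="/admissions">Admissions</a></div>
<div class="RUACZA"><p>pills <a href="http://spam.example/buy">order</a></p></div>
<a href="/contact">Contact</a></body></html>"""
```

The scan only sees style rules that appear in the page before the element they hide, and it does not follow external stylesheets.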

Well, after you see that I guess you get the idea, and I could paste here
instructions and even code to replicate the attack they suffered, but I don't want any
issues as I could be charged with funny shit. Well, this is not the only site
and proof I have. There are a lot more, and if you want to check if your site has been hacked
or if it's hackable, don't hesitate to email me or leave a comment saying so. It's FREE, so
don't pressure me, I have a lot on my chest.

Well, I'm tired, I'll continue this next time. In the meantime check that code:
if it takes more than 20 mins to trace a function, behold, you need to check your code design
and "ONLY" use OOP when "NECESSARY". That new school thing sucks, return to the ways of C,
you lame coders. ;p

1 comment:

  1. Interesting.. So why don't you help these people rather than just firing them. You have got help if you know the right way it's done. It is true though that Ghanaian programmers are a bunch of copy and pasters, right. But we need to help each other. You have got to start blogging again. This time around no criticism :-). Let's learn together and DO it. Regards
