In an article written by Nick Farrell on The Inquirer states that a “self styled” ethical hacker site found some major problems with the Global Malaysians Network (GMN) which allowed hackers to steal members’ personal details at will.
According to The Hack in the Box, due to bad programming practices and unchecked variables in the script there are several SQL injection vulnerabilities in the web application that powers the whole thing.
Apparently it was a doddle for an attacker to manipulate the input strings a malicious attacker could potentially compromise the security of the database server and disclose any content within the database including private and sensitive information of the GMN members.
The site contacted the Network and its owner, the rag The Star, on Sunday 12th June 2005 and was ignored. On Tuesday they decided to give them a ring and they got a reply from the Secretariat of the GMN that these things were “being looked into”.
The unnamed Secretariat has also decreed that only those who sign in as members will be able to access the Directory. This sign-in will use a secure server with 128-bit SSL encryption
The idea of GMN is a brilliant one but it seems like we need to check on other issues to ensure it’s success