NationalCyberSecurity.com has all “Original Content”
Readers of Yahoo Finance were treated to the following wackadoo press release on Friday: National Cyber Security Uncovers Racism Within the Computer Security Industry. In our article Friday we made a case for a better title: “Ligatt Discovers that People Don’t Like Being Plagiarized”. The web site referenced, National Cyber Security by Ligatt, is a not-so-subtle takeoff on the name of the National Cyber Security Division (NCSD) in the Department of Homeland Security. This “National Cyber Security” is another strange project from confidence man Gregory Evans of Ligatt Security.
Here is the stated mission:
“National Cyber Security is the number one cyber security related reference and news portal. It is their vital mission to help secure not only the nation, but the world from cyber criminal threats being faced daily. Their references include a cyber security watch news, blogs written by cyber security professionals, cyber security links, and email correspondence to their professionals who help protect website visitors from any cyber threat.”
But with fake reporter profiles, plagiarized articles, dubious cyber-terrorism experts, bizarre biographies of other people, and a site riddled with security flaws, the actual message of the web site is overtaken by a subtler truth about charlatans in the information security industry.
McKenzie
“By purchasing National Cyber Security, we will be able to partner with fellow computer security experts like Grey McKenzie to be a force against cyber-crime.” – Gregory Evans
McKenzie was part of an anti-keylogging product called SpyCop that appears to have gone dark or continued under a different form according to forum posts. Strangely, while McKenzie lists himself as creator of the National Cyber Security Portal, he lists no affiliation with Ligatt on LinkedIn. It appears the site was purchased by Ligatt on 3/31/09 and redesigned, although the original site had republished news stories as well.
Plagiarized Content
IronGeek has done an excellent job making the case against Ligatt’s plagiarism on this web site with the following YouTube video, which amusingly begins with Evans stating that the site is “all original content”, not stories gathered through “Googles”:
Bizarre Biographies
It is sad when you can’t even steal effectively. The answer is both, this picture is of J.L. Smith aka Judith Pugh, author of Reporting for Doodie, One Grandmother’s Story of Commitment, Frustration & Unwavering Love and not a National Cyber Security author.
Riddled with Security Flaws
The site was victimized on Friday by a vulnerability allowing for what appears to be a persistent XSS attack that allowed whoever exploited it to replace the picture of Gregory Evans with a picture reference to Epic Fail Guy, itself a pseudo reference to ‘Anonymous’, Guy Fawkes, et al.:
The flaw that allowed this is in addition to numerous cross site scripting (XSS) issues on the web site:
http://www.nationalcybersecurity.com/search?Query=%3CIMG+SRC%3D%22http%3A%2F%2Fattrition.org/images/squirrel-mascot-iconL.gif%22%3E&fromSmall=true&searchWhat=searchAll&submit.x=20&submit.y=10&searchField=searchContentBody&searchField=searchContentBody
http://www.nationalcybersecurity.com/admin/index.php?username=<script>alert('xss')</script>
http://www.nationalcybersecurity.com/search?Query=<script>alert('xss')</script>
Is having these types of flaws on an information security site the end of the world? We just wrote a story about F-Secure having something similar on their US site last week. The difference: F-Secure corrected the issue, and wrote a post describing the problem, within twenty-four hours of notification. Web site injection flaws are common, and security companies will have them from time to time. The key to deriving meaning from such stories is evaluating how the security firm responds.
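As an added example (not code from the original article or from the site), the Python sketch below decodes the three request URLs quoted above, reports which query parameters carry HTML markup, and contrasts echoing the search term verbatim with HTML-encoding it before reflection. The `<p>Results for: ...</p>` template and all function names are assumptions made for illustration; the site's real markup is not shown in the article.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# The three request URLs quoted in the article (the first rejoined onto one line).
ARTICLE_URLS = [
    "http://www.nationalcybersecurity.com/search?Query=%3CIMG+SRC%3D%22http%3A%2F%2Fattrition.org"
    "/images/squirrel-mascot-iconL.gif%22%3E&fromSmall=true&searchWhat=searchAll"
    "&submit.x=20&submit.y=10&searchField=searchContentBody&searchField=searchContentBody",
    "http://www.nationalcybersecurity.com/admin/index.php?username=<script>alert('xss')</script>",
    "http://www.nationalcybersecurity.com/search?Query=<script>alert('xss')</script>",
]

# Anything that looks like an opening or closing HTML tag once the value is URL-decoded.
TAG = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")


def markup_params(url):
    """Return (name, decoded value) for each query parameter that decodes to markup."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(name, value) for name, value in pairs if TAG.search(value)]


def audit(urls):
    """Return (path, [parameter names carrying markup]) for every URL, in order."""
    return [(urlsplit(u).path, [name for name, _ in markup_params(u)]) for u in urls]


def render_unsafe(term):
    # Assumed template. Echoing the term verbatim matches the behaviour the
    # article reports: submitted markup becomes part of the returned page.
    return "<p>Results for: " + term + "</p>"


def render_escaped(term):
    # Encode &, <, > and both quote characters before reflecting the term, so the
    # browser displays it as text. quote=True also covers quoted attribute values.
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


if __name__ == "__main__":
    for path, names in audit(ARTICLE_URLS):
        print(path, "-> markup in parameters:", names)
    term = markup_params(ARTICLE_URLS[2])[0][1]
    print("verbatim:", render_unsafe(term))
    print("encoded: ", render_escaped(term))
```

The same decode-and-match step can be run over web server access logs to find requests of this kind, while the encoding step is the fix that belongs in the page template.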
Finally
Edmund Burke once said, “All that is necessary for evil to triumph is for good men to do nothing.”

That’s not Guy Fawkes dude. That’s Epic Fail Guy.
http://encyclopediadramatica.com/Epic_Fail_Guy
the site (along with ligattsecurity.com site) was also riddled with sql injection holes.
i wouldn’t be surprised if EFG was inserted into the database rather than persistent XSS.
epic failure all round.
Have you seen any examples of SQLi?
Prefect, Will you give more detail on this acronym… SQLi
Here, let me help you out with that…..
SQLi is the short term for SQL Injection. You can find more information at the link below.
http://en.wikipedia.org/wiki/Sql_injection
Come on Greg … er, I mean “Dom” … stop asking other people to do your homework for you. But wait, as the world’s no.1 hacker, shouldn’t you already know all about SQLi?!
[...] prepared to offer security to their clients. However, this company is accused of fraud and plagiarism. In retribution, some real hackers have successfully attacked its corporate web site. And that [...]
As of today that site is now just a forwarder to a spammy git yer own Forex Robot site. Now excuse me while I dump some stock.
all these postings made me want to go to NationalCyberSecurity.com to check it out for myself. currently laughing my *** off as i am automatically being redirected to http://www.getaforexrobot.com. 6 days and they still haven’t fixed it?