Comments on: Alex Laguilles, Sulit.com.ph and the hacking incident

By: Elmer M.

Elmer M. — Sat, 11 Apr 2009 21:42:33 +0000

I came out to this opinion after reading the article from dotPH.
dotPH proudly say the word “How to catch a hacker?” or should I say “How to explain further?” sa kapalpakan ng sistema sa seguridad ng dotPH? Or “How to catch an idiot?” Why Alex leaves out tracks if he’s a real hacker?
It says there that the culprit is using the same series of IP addresses, and if he was a hacker by all means he should use different IP addresses so he will not be traced. He can use hundreds or thousands of internet anonymous proxies out there!
dotPH were being attacked with IE 7 and Windows XP (nakakatawa) and sulit.com.ph was just a victim of the negligence and lack of security of the official domain registry of the philippines (dotPH). It is NOT TRUE that sulit were being hacked. Every changes on dotPH part where sulit registrar for domain name will immediately affect sulit.com.ph website that’s why it happens.
WHY THIS HAPPENS TO dotPH? Why lack of security in the first place?
Do they (dotPH) have any security audit for suspicious domain registrants? Using fake names and addresses?
Do they (dotPH) have any security audit for suspicious modifications or alterations on DNS? Or at least confirmations to the .ph owner’s email address that they are officially change their Name Server?
Do they (dotPH) have any security audit for suspicious activity on their website’s client page?
“Akala mo lang meron pero wala, wala, wala!” Sorry man!
On the Bayantel side that wasn’t supposed to be done, BayanTel should not give any information that easily, they should have waited for a court order before giving information. Only means they don’t protect their customers. This mean that we can call them anytime asking for some information and pretend that I’m someone? Di ba!
“How to catch a hacker?” dotPH says. They’ve been pointing out names on the article and SOCO like investigations without having proof if this is really the person to catch? Is this legal? What about human rights?
I think dotPH should be thankful for at least they are lucky because if this person was indeed a real hacker, all .ph domains will possibly be altered/deleted and someone… I mean everyone will be knocking on dotPH door eventually if that happens.

By: jonhar

jonhar — Wed, 04 Mar 2009 19:04:13 +0000

Wow talaga, hindi ko alam kung kanino ako bibilib, kay Alex or sa DotPH. Pero I guess mas nakakabilib si Alex kasi kahit nga nakaya nyang lusutan ang DotPH at Sulit! Sana kasing galing nya rin ako, pero dapat ethical parin. He could have earned more in the long run sa skills nya kaso binangga nya pa ang laws of the land eh..hay. It would always serve as a lesson sa lahat na kahit ano man tayo kagaling, we should always follow the laws kasi nga limited lang lahat ng bagay. Tsaka pag hindi hard earned ang pera parang hindi mo masyadong ma appreciate, di ba? Kaya sa marunong mag lagay ng Adsense sa loob ng post nila, paturo naman oh. Thanks!

By: Yenyo

Yenyo — Wed, 04 Mar 2009 16:00:43 +0000

Grabe!!! I think there is something wrong with Dotph security…This is the first time to know that Internet Explorer can easily used to hack Dotph system? Buti nga mabait pa siguro hacker na ito because of what he found/discover out, he can manipulate all BIG NAMES like ebay.ph, yahoo.ph etc… because of security weakness of their website and yet HINDI NYA PINAKIALAMAN. I am not giving out my side to this hacker but the reality is… masyado sigurong vulnerable ang system ng Dotph kaya kahit IE ma-hack na sila! grabe na talaga to!

By: Jay Castillo

Jay Castillo — Wed, 04 Mar 2009 11:22:51 +0000

@Tyrone, exactly what I was thinking. While it’s commendable they were able to track down the hacker, the pro-active approach would have been to make sure their systems were patched accordingly and secured against all known vulnerabilities to prevent hacking in the first place, unless the hacker used a zero-day exploit. Sorry for the geekspeak, lumalabas ang IT background… hehe.

By: ribbit

ribbit — Wed, 04 Mar 2009 06:11:38 +0000

what would be the reprimand for this kind of act in the PH?

By: Millionaire Acts

Millionaire Acts — Wed, 04 Mar 2009 02:34:35 +0000

I first read this incident at the blog of Dexter. I really wonder how did the hacker changed the password of sulit and accessed it? It makes me think that dotph is quite vulnerable to hacking attacks.

By: ice_hot

ice_hot — Tue, 03 Mar 2009 11:30:41 +0000

hehehe… this article makes me want to hack PMT!!! hahaha!!! if it was technically possible for me to do…

the earning student

By: elmot

elmot — Tue, 03 Mar 2009 09:45:24 +0000

whowh! this is very nasty! hackers these days are very sophisticated alredy. they should be apprehended by the law. good thing, there are also people who are battling them out

By: Jay Castillo

Jay Castillo — Tue, 03 Mar 2009 05:00:11 +0000

It’s good they were able to pinpoint the hacker. However, I wonder why the hacker was able to exploit a vulnerability in the website of dotph in the first place.