Popular Post tgw Posted June 16, 2021 Popular Post Share Posted June 16, 2021 7 minutes ago, impulse said: So, if someone leaves the cash register open and I walk off with their money, is that still theft? If he had to change aspects of the URL to see the data, that's a hack. Just because it was easy and an amateur could do it, doesn't mean it's not. Your analogy is not accurate. And no, changing URL parameters is not a hack. People who aren't programmers should refrain from trying to explain what "hacking" is, or soon we will end up with more nonsensical internet laws. 5 Link to comment Share on other sites More sharing options...
Phuketshrew Posted June 16, 2021 Share Posted June 16, 2021 12 minutes ago, impulse said: If he had to change aspects of the URL to see the data, that's a hack. Exactly. 1 2 Link to comment Share on other sites More sharing options...
JamieM Posted June 16, 2021 Share Posted June 16, 2021 1 minute ago, Phuketshrew said: Exactly. wrong again 1 Link to comment Share on other sites More sharing options...
impulse Posted June 16, 2021 Share Posted June 16, 2021 4 minutes ago, JamieM said: wrong again You're confusing a hack with an illegal hack. 1 Link to comment Share on other sites More sharing options...
Popular Post JamieM Posted June 16, 2021 Popular Post Share Posted June 16, 2021 3 minutes ago, impulse said: You're confusing a hack with an illegal hack. The poster has made it clear he is not talking about a legal hack. Context is important this is his original post below: Quote Gaining unauthorised access to any system and its data is, by definition, HACKING. Whether he used website parameter hacking, CSS, CSRF, or SQL injection is irrelevant. He has gained unauthorised access to the database, retrieved data and published the fact. 3 Link to comment Share on other sites More sharing options...
asiacurious Posted June 16, 2021 Share Posted June 16, 2021 12 minutes ago, Phuketshrew said: 22 minutes ago, impulse said: If he had to change aspects of the URL to see the data, that's a hack. Exactly. Now you're just ignoring your own definition of hacking! By your own definition, there was no hacking! 1 Link to comment Share on other sites More sharing options...
Popular Post impulse Posted June 16, 2021 Popular Post Share Posted June 16, 2021 2 minutes ago, asiacurious said: Now you're just ignoring your own definition of hacking! By your own definition, there was no hacking! Let's look at Dictionary.com... Underlining is my emphasis... Computers. to modify (a computer program or electronic device) or write (a program) in a skillful or clever way: Developers have hacked the app. I hacked my tablet to do some very cool things. to circumvent security and break into (a network, computer, file, etc.), often with malicious intent: Criminals hacked the bank's servers yesterday. Our cybersecurity team systematically hacks our network to find vulnerabilities. White hat hacks are still hacks. He entered the website in a manner not intended by the developer. To do that, he manipulated the URL. That's a hack. Not a very sophisticated one, for sure. 3 1 Link to comment Share on other sites More sharing options...
moldresistant Posted June 16, 2021 Share Posted June 16, 2021 Putting the term hacking aside, I think the responsible course of action here would be to inform this issue to Bangkok Immigration directly. That way the problem can be solved without inviting more bad actors to harvest data. However, if there was no response after repeated attempts at communication, going public may have been necessary. 2 Link to comment Share on other sites More sharing options...
Popular Post RichardColeman Posted June 16, 2021 Popular Post Share Posted June 16, 2021 7 hours ago, snoop1130 said: On Tuesday, the Thai government released a statement to explain the issue on the Intervac website had been resolved after being caused by a “temporary glitch” and was now working again. 3 Link to comment Share on other sites More sharing options...
asiacurious Posted June 16, 2021 Share Posted June 16, 2021 29 minutes ago, impulse said: Let's look at Dictionary.com... Underlining is my emphasis... Computers. to modify (a computer program or electronic device) or write (a program) in a skillful or clever way: Developers have hacked the app. I hacked my tablet to do some very cool things. to circumvent security and break into (a network, computer, file, etc.), often with malicious intent: Criminals hacked the bank's servers yesterday. Our cybersecurity team systematically hacks our network to find vulnerabilities. White hat hacks are still hacks. He entered the website in a manner not intended by the developer. To do that, he manipulated the URL. That's a hack. Not a very sophisticated one, for sure. Where the claim of hacking fails ALL of the definitions of hacking that have been offered, including the definition that I provided based on the actual laws in Thailand about hacking (this post), is with the circumventing of security. The site had NO security. If the site admin/developer had used an SSL cert then there could be a claim that the site had at least some kind of security. Though even that would simply be security to prevent man in the middle snooping/hacking. Changing a URL would not be circumventing SSL security. The admin/developer needed to have something set up to secure the data in order for there to be someone for a person to circumvent/hack! 2 Link to comment Share on other sites More sharing options...
Rampant Rabbit Posted June 16, 2021 Share Posted June 16, 2021 12 hours ago, bino said: Clap one hand if you are shocked and surprised by this. I did, around the head of immigrations face, I neve r use these apps in fact never use any phone apps, rarely turn the phone on. Link to comment Share on other sites More sharing options...
Destiny1990 Posted June 16, 2021 Share Posted June 16, 2021 How safe are our millions of ID photocopies, copy bank statements full home adresses that they collected u think? 1 1 Link to comment Share on other sites More sharing options...
lavender19 Posted June 16, 2021 Share Posted June 16, 2021 13 hours ago, RotBenz8888 said: Let me guess, the developer was updating the system... ? No. He was having his nappy changed 1 Link to comment Share on other sites More sharing options...
BEngBKK Posted June 16, 2021 Share Posted June 16, 2021 Maybe Thailand should offer permanent resident for people that find data breach'es in Thailand 4.0. It sure look like Thailand 4.0 need all the help they can get... Link to comment Share on other sites More sharing options...
tonysilly Posted June 16, 2021 Share Posted June 16, 2021 Sir, maybe we should ask Farangs to help us with the web site?? What !! No way! No Thais where hurt during the Breach. Mai Pen Rai 555 1 Link to comment Share on other sites More sharing options...
condobrit001 Posted June 16, 2021 Share Posted June 16, 2021 If you discover that it is possible to look inside a neighbours bedroom with a telescope, this is illegal. So the correct course of action would be to refrain from looking and discreetly inform that neighbour to close their curtains, NOT to tell the whole street that the view is on offer! 1 1 Link to comment Share on other sites More sharing options...
metisdead Posted June 17, 2021 Share Posted June 17, 2021 A post using emoticons only as a reply has been removed. 1 Link to comment Share on other sites More sharing options...
BestB Posted June 17, 2021 Share Posted June 17, 2021 Everything going according to plan, just ask Anutin ???? Link to comment Share on other sites More sharing options...
Damrongsak Posted June 17, 2021 Share Posted June 17, 2021 12 hours ago, connda said: These people have no idea how to develop code. They are literally back in the 1990s in their web development practices. I jokingly said awhile back that contracts to produce Thai government websites like this one are given to some big-wigs kid or nephew in university. Now I'm betting I'm not far off. No date security at all. Lax security. My son is buddies with one of the few internet key holders - the folks who control the domain name system security. Serious business. Link to comment Share on other sites More sharing options...
inThailand Posted June 17, 2021 Share Posted June 17, 2021 I hope someone makes a TV series about all this. Netflix your missing out on a great comedy show. Link to comment Share on other sites More sharing options...
rwill Posted June 17, 2021 Share Posted June 17, 2021 When you click on the new 'report bug' button on the Thailandintervac site it says at the bottom: "Some bugs on the websites may not safe for other, So please report us immediately and don't share it to public that would help." They might get upset with Richard for sharing it to the public. Of course it does also say 'So please report us immediately' not 'So please report it to us immediately" 1 Link to comment Share on other sites More sharing options...
kwak250 Posted June 17, 2021 Share Posted June 17, 2021 I think you have very high expectations ta think that a high school student could write a script for this or to even be bothered . Link to comment Share on other sites More sharing options...
Damrongsak Posted June 17, 2021 Share Posted June 17, 2021 2 minutes ago, rwill said: When you click on the new 'report bug' button on the Thailandintervac site it says at the bottom: "Some bugs on the websites may not safe for other, So please report us immediately and don't share it to public that would help." They might get upset with Richard for sharing it to the public. Of course it does also say 'So please report us immediately' not 'So please report it to us immediately" He did report them immediately in a manner of speaking. To the rest of the world. Link to comment Share on other sites More sharing options...
ukrules Posted June 17, 2021 Share Posted June 17, 2021 15 hours ago, J Town said: But is this really a surprise? No, it is not a surprise, not at all. Link to comment Share on other sites More sharing options...
BEngBKK Posted June 17, 2021 Share Posted June 17, 2021 Hack or not hack... Thai authorities will decide if it is a hack or not and act accordantly to that (to avoid losing face - In their mind) Link to comment Share on other sites More sharing options...
jacko45k Posted June 17, 2021 Share Posted June 17, 2021 8 hours ago, impulse said: You're confusing a hack with an illegal hack. Going into the address bar and simply editing the URL is not a hack and not an illegal action Link to comment Share on other sites More sharing options...
animatic Posted June 17, 2021 Share Posted June 17, 2021 Run by the same folks trying to route all internet traffic through government monitoring servers in Bangkok to prevent Thais from seeing stuff Paternalistic Big Somchai doesn’t want them seeing because it embarrasses their self image. The government internet comprehension and computing resources are truly 3rd world. Not so much the criminal class of course. The major embarrassment is continuous government own goals. Link to comment Share on other sites More sharing options...
Fex Bluse Posted June 17, 2021 Share Posted June 17, 2021 12 hours ago, Phuketshrew said: I think Mr Barrow is pushing his luck with publicising these data breaches. Gaining unauthorised access to any system and its data is, by definition, HACKING. Whether he used website parameter hacking, CSS, CSRF, or SQL injection is irrelevant. He has gained unauthorised access to the database, retrieved data and published the fact. Had Mr Barrow had legal permission to perform the hack (as an Ethical Hacker) the correct course of action should have been to inform the owner of the website/database of the breach so that they could take immediate remedial action. He's doing the right thing. The Thais would not react unless they publicly lose face. That's how it works here. 2 Link to comment Share on other sites More sharing options...
hotchilli Posted June 17, 2021 Share Posted June 17, 2021 15 hours ago, snoop1130 said: For the second time in as many days, an official website used by foreigners in Thailand has purportedly suffered a data breach. The digital hub of Asia... can't even secure a web-site. Link to comment Share on other sites More sharing options...
mtls2005 Posted June 17, 2021 Share Posted June 17, 2021 The recently ammended Computer Crimes Act (2017) is extremely broad, and can be used to charge pretty much anyone (who is deemed an enemy of the state) with anything remotely connected to a phone/pc and the interwebs. If a student protester or a rival party member had done this, well, they'd be toast. Personally my issue is with the insecure system(s), rather than how this was exposed. Without this sort of public shaming this would have gone on for months or years more. Will be interesting to watch as Thai folks exploit these sorts of security issues on Thai websites, and expose the shenanigans of the the various PtB. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now