Australia Patches Government Portal After Security Flaws Found-UNPAN - United Nations Public Administration Network

Home > United Nations Online Network in Public Administration and Finance (UNPAN)

1. Global: Global
2. Africa: Africa
3. Arab States: Arab States
4. Asia & Pacific: Asia & Pacific
5. Europe: Europe
6. Latin America & Caribbean: Latin America & Caribbean
7. North America: North America

UNPAN Asia & Pacific

Register | Login


Home About UNPAN UNPAN Coordinator (DPADM) UNPAN Partners UNPAN Newsletter UNPAN User's Survey UNPAN CMS UNPAN Portal Guide FAQs DPADM Intranet My UNPAN RSS feeds Contact Us Regions Global Africa Arab States Asia & Pacific Europe Latin America & Caribbean North America Standards/Codes International Code of Conduct Regional Public Service Charter National Codes of Conducts Standard of Excellence in PA Education&Training; Ethics, Transparency and Accountability E-Learning Online Training Centre Featured Learning Materials Learning Materials News Public Administration News Governance World Watch Governance Asia-Pacific Watch RCOCI Informatization Bulletin Library Search Documents Advanced Search Major Publications UN E-Government Surveys World Public Sector Report Digital Governance in Municipalities Worldwide DPADM E-Library Resolutions UN E-Government Development Database Knowledge Base of E-Government Practices Knowledge Base of ICT for Public Service Knowledge Base of UN Public Service Awards Thematic Project Websites Technical Project Highlights UNPAN Photos UNPAN Videos Events The Committee of Experts on Public Administration DPADM Monthly Bulletin UN Public Service Day UN Public Service Awards Browse Events by Calendar Browse Events by UNPAN Partner Global Forum Directories Practitioners/Experts Glossary Employment Opportunities Blog Contact Us

Public Administration News

Australia Patches Government Portal After Security Flaws Found

Source:	www.futuregov.asia
Source Date:	Tuesday, November 04, 2014
Focus:	ICT for MDGs
Country:	Australia
Created:	Nov 11, 2014

Most countries in Asia Pacific have been affected by a security weakness in the Drupal CMS, which was discovered last month. Earlier last month, Drupal issued a security update for web sites running on version 7 which are vulnerable to the bug. The system does not automatically download security updates, so many government websites in Asia Pacific may still be vulnerable. Last week the open source CMS provider reported “highly critical” attacks on Drupal 7 web sites that were not patched or updated within hours of the security update release. Across Asia Pacific, governments in Australia, India, Indonesia, Malaysia, New Zealand, the Philippines, Singapore, Sri Lanka, Thailand and Vietnam use Drupal for their websites. Outside the region, Brazil, France, Germany, United Kingdom and the United States also use the open source system. Earlier this year, the Australian government launched a whole-of-government CMS built on Drupal 7. The government is already moving its e-services portal australia.gov.au onto the new govCMS and will open it up to other agencies from February 2015. Owners of web sites on Drupal 7 “should proceed under the assumption” that their web sites were compromised, the CMS provider said, unless they were updated or patched within seven hours of the security update release. A spokesperson from the Australian Government told FutureGov that “all Department of Finance Drupal websites and govCMS are regularly patched against security threats. The govCMS platform includes an automatic patching routine enforced for all govCMS sites. A dedicated security team manages these requirements.” “The Department of Finance continues to find Drupal a useful component of its delivery suite,” the government added. Anyone who has not updated or applied the patched should do so immediately, Drupal said. This will fix the vulnerability, but it will not fix a web site if it has already been compromised. Drupal recommend that web site owners consult with their hosting providers and restore their web sites to a backup from before October 15 when the security update was released. “Attackers may have copied all data out of your site and could use it maliciously. There may be no trace of the attack,” the warning said. Hackers could also compromise other services on the server or escalate their access. If a web site has been patched, but it was not done by the administrator, it could be a symptom of the site being compromised, Drupal said. The security update released on October 15 said that Drupal 7 sites are vulnerable unless they were updated. Unlike other vulnerabilities, this one allows hackers to exploit the web site without the need for an account, or by tricking someone into sharing confidential information.

Rate:

0 ratings

Views:

200

Comments:

0

Favorited:

0

Bookmarked:

0

Tagged:

0

0 Comments | Login to add comment

| | |

Copyright 2008-2010 by UNPAN - United Nations Public Administration Network