LIGATT's National Cyber Security Involves Coffee, Black Santas and Porn?

Tue Jun 22 18:53:26 CDT 2010

(Read to the end for an explanation of all this. Since perception is everything, the logical and more reasonable, yet still damning, explanation can wait.)

The LIGATT-run site, National Cyber Security (, claims to be the "number one cyber security related reference and news portal". Already exposed for large scale plagiarism, the site does not offer much in the way of original content or real services. From the 'about page':

Welcome to National Cyber Security by LIGATT. We are the number one cyber security related reference and news portal for you. It is our vital mission to help secure not only the nation, but also the world from the many cyber criminal threats we face. Our references include our Cyber Security Watch News, blogs written by cyber security professionals, cyber security links, and email corespondence to our professionals to help you protect yourself from any cyber threat.

Apparently, as part of running this portal on National Cyber Security, it somehow involves a wide range of other topics. These include, but may not be limited to: pornography, career centers, coffee by phone, art and the National Security Academy of Ireland. The Academy offers physical security training for bouncers and more. Example pages on their site, click the image to enlarge:

Pornography Community Center Coffee

Art Irish Security Black Santas

While the link to the pornographic web site is interesting, it should be noted that the content isn't hosted on their domain. This is actually more curious, why National Cyber Security would be providing a 302 redirect to a third-party domain with the adult content. Note the redirect during the request:

# nc 80
GET /~web HTTP/1.0

HTTP/1.1 302 Found
Date: Sat, 22 May 2010 02:58:57 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/
Content-Length: 415
Connection: close
Content-Type: text/html; charset=iso-8859-1

<title>302 Found</title>
<p>The document has moved <a href="">here</a>.</p>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/ Server at Port 80</address>

Other pages of interest:

/~home Redirect:
/~travel Nver Travel
/~personal MediaMaster PR & Advertising
/~hosting "Under Construction" message
/~college Redirect:
/~smile Fatal Error - /home/smile/public_html/includes/includes.php
/~phone Redirect:
/~national National Cyber Security!
/~expert Redirect:
/~future Psychic Nexus, The Best Online Psychic Network
/~registry Redirect:
/~market Effective Internet Marketing Solutions

As more directories and page were found, it was clear this was part of some hosting arrangement, likely involving However, that domain instantly redirects to the suspended page. One page found (~personal) references on their page, but that domain loads a different version of the page. Checking ~national we find it loads the National Cyber Security page, further proving this is some odd hosting solution. It isn't immediately clear what hosting solution is present, but it appears that it is (mis)configured to allow cross domain pollution of content as seen above. For some domains, this may not be a big deal. For domains that advertise security and operate in a business built on integrity, this should not be acceptable. Worse, why didn't LIGATT notice this and ask their hosting provider to fix it? Any second rate penetration test would discover this issue, something LIGATT should have noticed from day one.

main page ATTRITION feedback