LIGATT's National Cyber Security Involves Coffee, Black Santas and Porn?

Tue Jun 22 18:53:26 CDT 2010


(Read to the end for an explanation of all this. Since perception is everything, the logical and more reasonable, yet still damning, explanation can wait.)


The LIGATT-run site, National Cyber Security (nationalcybersecurity.com), claims to be the "number one cyber security related reference and news portal". Already exposed for large scale plagiarism, the site does not offer much in the way of original content or real services. From the 'about page':

Welcome to National Cyber Security by LIGATT. We are the number one cyber security related reference and news portal for you. It is our vital mission to help secure not only the nation, but also the world from the many cyber criminal threats we face. Our references include our Cyber Security Watch News, blogs written by cyber security professionals, cyber security links, and email correspondence to our professionals to help you protect yourself from any cyber threat.

Running this portal on National Cyber Security apparently involves a wide range of other topics. These include, but may not be limited to: pornography, career centers, coffee by phone, art and the National Security Academy of Ireland. The Academy offers physical security training for bouncers and more. Example pages on their site:

[Screenshots: Pornography, Community Center, Coffee, Art, Irish Security, Black Santas]

While the link to the pornographic web site is interesting, it should be noted that the content isn't hosted on their domain. That is actually more curious: why would National Cyber Security be providing a 302 redirect to a third-party domain with the adult content? Note the redirect during the request:

# nc www.nationalcybersecurity.com 80
GET /~web HTTP/1.0

HTTP/1.1 302 Found
Date: Sat, 22 May 2010 02:58:57 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Location: http://pornoizlee.biz/suspended.page/
Content-Length: 415
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://pornoizlee.biz/suspended.page/">here</a>.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at 9e.0.78ae.static.theplanet.com Port 80</address>
</body></html>

Other pages of interest:

/~home       Redirect: http://lowpricehosting.org/suspended.page/
/~travel     Nver Travel
/~personal   MediaMaster PR & Advertising
/~hosting    "Under Construction" message
/~college    Redirect: http://lowpricehosting.org/cgi-sys/suspendedpage.cgi
/~smile      Fatal Error - /home/smile/public_html/includes/includes.php
/~phone      Redirect: http://lowpricehosting.org/cgi-sys/suspendedpage.cgi
/~national   National Cyber Security!
/~expert     Redirect: http://lowpricehosting.org/cgi-sys/suspendedpage.cgi
/~future     Psychic Nexus, The Best Online Psychic Network
/~registry   Redirect: http://www.ineedtocheat.com/suspended.page/
/~market     Effective Internet Marketing Solutions



As more directories and pages were found, it was clear this was part of some hosting arrangement, likely involving lowpricehosting.org. However, that domain instantly redirects to the suspended page. One page found (~personal) references createpersonalwebsites.com, but that domain loads a different version of the page. Checking ~national, we find it loads the National Cyber Security page, further proving this is some odd hosting solution. It isn't immediately clear what hosting solution is present, but it appears that it is (mis)configured to allow cross-domain pollution of content as seen above. For some domains, this may not be a big deal. For domains that advertise security and operate in a business built on integrity, this should not be acceptable. Worse, why didn't LIGATT notice this and ask their hosting provider to fix it? Any second-rate penetration test would discover this issue, something LIGATT should have noticed from day one.
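
A site owner can catch this kind of content pollution by reviewing what their own hostname returns for /~name paths. The following is an added example, not part of the original article: it classifies raw HTTP responses and flags off-domain redirects and served content. The /~web response is the one captured above (headers abridged); the /~example-* responses and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

OWN_HOST = "nationalcybersecurity.com"
# Added example; function names are hypothetical. /~web is the response
# captured in the article (headers abridged), the rest are constructed.
SAMPLES = {
    "/~web": "HTTP/1.1 302 Found\r\n"
             "Date: Sat, 22 May 2010 02:58:57 GMT\r\n"
             "Location: http://pornoizlee.biz/suspended.page/\r\n"
             "Content-Length: 415\r\n\r\n<html>...</html>",
    "/~example-a": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>...</html>",
    "/~example-b": "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n",
    "/~example-c": "HTTP/1.1 302 Found\r\nLocation: /index.html\r\n\r\n",
}

def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP response string."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def same_site(host, own_host):
    host = host.lower().rstrip(".")
    return host == own_host or host.endswith("." + own_host)

def classify(raw, own_host=OWN_HOST):
    """Label what a /~name path on our hostname hands to a visitor."""
    status, headers = parse_response(raw)
    if 300 <= status < 400:
        # A relative Location has no hostname and stays on our site.
        target = urlsplit(headers.get("location", "")).hostname or own_host
        if same_site(target, own_host):
            return "redirect within site"
        return "off-domain redirect to " + target
    if status == 200:
        return "content served under our hostname"
    return "nothing served (HTTP %d)" % status

def audit(responses, own_host=OWN_HOST):
    """Return (path, finding) for every path that needs a human look."""
    findings = [(p, classify(r, own_host)) for p, r in sorted(responses.items())]
    return [(p, f) for p, f in findings if f.startswith(("off-domain", "content"))]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A 200 is reported for review rather than as a fault, since a path such as ~national can legitimately serve the site's own page.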

