Wednesday, June 21, 2017

[REVIEW] Cyber Security Campaign 2017 (Hong Kong)

Yesterday (Jun 20, 2017), the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force announced the Cyber Security Campaign 2017, a year-long effort to eliminate botnets in Hong Kong. They built a website for Hong Kong citizens to download three well-known anti-virus scanners (Kaspersky, Symantec and Trend Micro). The campaign commenced today (SCMP news). However, the site could not be accessed until 1500 hours today, either because it was overloaded or for some other reason.

I conducted a quick test of the website when the news was announced yesterday. This article presents the results of that informal, non-professional test.

The website is running on Windows Server 2012 and is hosted at Alchemy. It is not certain whether it is a dedicated server or a shared hosting server, but it is possibly a dedicated server. The IP address of the server is 205.144.171.79.

Meanwhile, I found that the same server is also hosting another website, Cyber Security Professional Awards, which is also run by CSTCB.

The Server

The website is running on Microsoft IIS 8.5 with ASP.NET (version 4.0.30319; ASP.NET MVC version 5.2). Ports 80, 135, 443, 445, 5666 and 49159 are open on the Windows Server 2012 host. There is no Web Application Firewall (WAF) in front of the Microsoft IIS web server.

SSL Certificate

Since there is no data exchange between users and the web application, an SSL certificate is not strictly required for this website. However, one is installed. The server supports TLS 1.0, 1.1 and 1.2. It offers a weak cipher suite for the encryption (TLS_RSA_WITH_3DES_EDE_CBC_SHA). Meanwhile, the SSL certificate is mismatched: it is issued for www.fishingmilitia.com. In addition, the website sends no security headers. The grade of the website is only A.

I later learnt that the mismatched Fishing Militia SSL certificate belongs to the "Cyber Security Professional Awards" website. The "Fishing Militia" SSL certificate expired on Jun 16, 2017. However, the "Cyber Security Professional Awards" website is served on port 80. It is very weird.
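The findings above (a certificate issued for a different name, an expired certificate, a 3DES cipher suite and missing security headers) can be checked mechanically once the TLS handshake and HTTP response have been captured. The following is an added example, not code from the post: an offline audit helper fed with constructed values modelled on the observations here; the hostname campaign.example.hk and the header sets are placeholders, not the real site.

```python
"""Offline audit of TLS/HTTP observations, mirroring the findings in this post."""
from datetime import datetime, timezone

# Substrings that mark a cipher suite as weak (3DES is the one seen here).
WEAK_CIPHER_MARKERS = ("3DES", "RC4", "NULL", "EXPORT", "DES_CBC", "MD5")
# Prefixes of suites that provide forward secrecy (ECDHE/DHE, TLS 1.3 suites).
PFS_PREFIXES = ("TLS_ECDHE", "TLS_DHE", "TLS_AES", "TLS_CHACHA20")
# Response headers a hardened site is expected to send (assumed baseline).
REQUIRED_HEADERS = ("strict-transport-security", "x-content-type-options",
                    "x-frame-options", "content-security-policy")


def hostname_matches(hostname, cert_names):
    """True if hostname equals a certificate name or a single-label wildcard covers it."""
    host = hostname.lower()
    for name in cert_names:
        n = name.lower()
        if n == host:
            return True
        # "*.example.com" covers "www.example.com" but not "a.b.example.com".
        if n.startswith("*.") and host.endswith(n[1:]) and host.count(".") == n.count("."):
            return True
    return False


def audit_tls(hostname, cert_names, not_after, cipher_suite, headers, now):
    """Return a list of findings for one observed TLS endpoint."""
    findings = []
    if not hostname_matches(hostname, cert_names):
        findings.append(f"certificate name mismatch: {hostname} not in {sorted(cert_names)}")
    if not_after <= now:
        findings.append(f"certificate expired on {not_after.date()}")
    suite = cipher_suite.upper()
    if any(marker in suite for marker in WEAK_CIPHER_MARKERS):
        findings.append(f"weak cipher suite: {cipher_suite}")
    elif not suite.startswith(PFS_PREFIXES):
        findings.append(f"cipher suite without forward secrecy: {cipher_suite}")
    present = {name.lower() for name in headers}
    findings.extend(f"missing security header: {h}" for h in REQUIRED_HEADERS if h not in present)
    return findings


# Constructed observation modelled on the post (placeholder hostname, real cert name/date).
OBSERVED = dict(hostname="campaign.example.hk", cert_names=["www.fishingmilitia.com"],
                not_after=datetime(2017, 6, 16, tzinfo=timezone.utc),
                cipher_suite="TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                headers={"Content-Type": "text/html", "Server": "Microsoft-IIS/8.5"},
                now=datetime(2017, 6, 20, tzinfo=timezone.utc))
# Constructed hardened configuration for comparison.
HARDENED = dict(OBSERVED, cert_names=["campaign.example.hk"],
                not_after=datetime(2018, 6, 16, tzinfo=timezone.utc),
                cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                headers={h: "set" for h in REQUIRED_HEADERS})

if __name__ == "__main__":
    for label, obs in (("observed", OBSERVED), ("hardened", HARDENED)):
        print(label, audit_tls(**obs) or ["no findings"])
```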

Web Application

It is a single-page web application, mainly JavaScript. It stores all images, including the background image, on https://storage.googleapis.com. The images range from 58kB to 2.7MB in size. That may be why the website could not be accessed and displayed "Service Unavailable. HTTP Error 503. The service is unavailable." There is no database and no data exchange between users and the web application.

When the "Cyber Security Campaign 2017" website is loading slowly or cannot be accessed, the "Cyber Security Professional Awards" website responds the same way.

Conclusion

The Windows Server 2012 host serves two websites, "Cyber Security Professional Awards" and "Cyber Security Campaign 2017", on ports 80 and 443 respectively. If there were a proxy server, both websites could use port 80 instead.

The response time of "Cyber Security Campaign 2017" is slow mainly because the images are large and are fetched from storage.googleapis.com. The googleapis.com storage is hosting JavaScript only, and its upload speed may not be very high. Therefore the bottleneck is the size of the images and the slow external storage.

It is very weird that the SSL certificate of the "Cyber Security Professional Awards" website points to another domain.

In conclusion, the website is misconfigured and poorly designed.

That's all! See you.