The Transportation Authority of Marin Web site was hacked to link to porn sites, causing the Federal agency that oversees .gov domains to temporarily remove ca.gov from Domain Name System servers. The porn links were removed and California and Federal IT workers scrambled to get ca.gov back online before major havoc was unleashed.
The TAM (Transportation Authority of Marin) site is still hacked up with (non-functioning) links to Web pages selling diet pills. Although the links no longer work, the fact that there is still bad code in the page means that someone is not, in my opinion, diligently seeking to secure the site.
When I told Dianne Steinhauser, the executive director of the Marin transportation authority, that the site was still hacked she said, "I'm frustrated." Because the site provides no emergency services, my advice to her was shut it down until she's able to hire a competent site creator and a hosting provider with enough security chops to help keep her site out of the news.
During our conversation Dianne asked me what else she, a non-technical person at a small 10-person agency could do. My advice was to use the still-contaminated pages as a test case for any candidate who said they could do a good job of creating and securing her Web site. If the candidate could identify the problem code, that would be a decent first step.
I put it this way in our conversation, "If a road sign were installed that indicated 'San Francisco, next left' was found to be wrong and that, in fact, to get to San Francisco you had to turn right, you would just put a tarp over the sign and get a corrected one to put in its place. Sure, it's inconvenient to motorists who are not sure if they should turn left or right get to SF, but they'll likely figure it out."
While investigating the TAM issue with malware specialists from Sunbelt Software, we discovered that the Superior Court of California, County of Madera is currently hacked up and linking to drug selling sites. I sent the Court Webmaster an e-mail about the compromise and attempted to reach several Court executives. Calls to the Court had not been returned at the time this blog was posted. When I tried to call the Court for follow up at 2 p.m., all lines were busy; not even the automated attendant was picking up.
I'm still not sure why the GSA was ready to zap ca.gov for the missteps of a small agency while the active drug serving happening at the Superior Court continues even as I write these lines. Maybe the Superior Court uses a different service provider than TAM. If they do, that may explain why the GSA (General Services Administration) in Washington—the agency that took down and then reinstated the ca.gov domain service—isn't reacting in the same way to the Superior Court lapse. I would be truly impressed if the GSA had learned overnight not to use a shotgun when a fly swatter will do.
The physical world still has a lot of common sense rules that work well in the online world. If a small business owner rented a truck and the bumper fell off while going down the freeway, that person would likely get rid of the truck and would also likely be very unlikely to rent from the same agency again. The same thing is basically true for Web sites. .