Back to the articleWell... #
Posted Thursday 8th May 2008 18:11 GMT
At least their web site is performing better than their car...
*ducks*
Renault F1 comp site spills entrants' details
Fleetwood Mac puntastic subtitle #
Posted Thursday 8th May 2008 18:11 GMT
*groan*
Even worse, it's a coat related band...
Renault site spills details #
Posted Thursday 8th May 2008 21:21 GMT
Don't those idiots test their websites???
I bet the web developer wrote that site by throwing bananas at the keyboard.
Awesome subtitle #
Posted Friday 9th May 2008 07:20 GMT
I laughed out loud at that one, nice one John.
Quality control... #
Posted Friday 9th May 2008 07:20 GMT
Nice to see Renault uses the same quality control on their website as they do on their cars...... both just as crap
Doesn't surprise me... #
Posted Friday 9th May 2008 08:18 GMT
...if it's the same guy running their web team as a couple of years back. Renault UK wanted to build a purchasing page for it's members in association with our company. We had the meeting and discussed with them how to do it. After 2 months they decided they couldn't do it and gave us 1 week for our web developer to write it himself.
Utter rollocks #
Posted Friday 9th May 2008 08:18 GMT
For the record Renault have always been reactively very good vis a vis data security.
Unfortunately they're not so hot at turning this into being proactive.
But hey, they could of course behave like Oracle. Or Apple.
Not Fixed #
Posted Friday 9th May 2008 08:37 GMT
This has been bodged, not fixed. I just found the website via Google and the details of a guy called Nick in Derby were given to me, email address, postal address, phone number...
Not the first, won't be the last #
Posted Friday 9th May 2008 13:25 GMT
I notiiced a similar issue on the mailing list page of a well known UK sports team. If you go to edit your details, your member id is used as part of the url to your personal details page (www.team.com/edit?id=1234). Changing the id got you to another user's details.
I emailed them, they responded quickly, taking the page down short-term, and fixing it with a proper system within a few days.
You do have to wonder at the mentality of a "developer" who comes up with crap like that and implements it in a live site though. No doubt a simple download of demo code from an HTML For Dummies site, never intended as a secure solution, just a "how does a POST form work" example..
non-story #
Posted Monday 12th May 2008 09:56 GMT
ok a bit of cock up but with the execption of the email address this is hardly sensitive information. name, address, telephone number and postcode? can you say "telephone directory"?
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- Expert Roundtable: The Register Agile Data Center Summit
On-Demand Audio - Dell PowerEdge M710 with Dell EqualLogic storage vs. HP ProLiant BL685c with HP StorageWorks EVA 4400
Virtualizaed Exchange workload performance comparison of end-to-end solutions - Seven ways to optimize VMware server virtualization
Virtualized storage complimenting virtualized applications - Buyer's Guide: ERP Systems
ERP, a strategic investment - Hosted CRM Can Be Your Secret Weapon to Success!
Hosted CRM comparison guide - SMB phone systems product requirements worksheet
Learn which phone system best suits your business's needs
