Old but good
Vulnerabilities on a Daily Telegraph website have been exposed by serial grey-hat hacker Unu. In a posting on the hackersblog site Unu outlines a number of SQL injection security weaknesses on the newspaper's website. The entry, which includes screenshots to substantiate the claim, claims that subscriber email addresses were …
Considering its front page search box accepts "><iframe src="blah blah"> happily, it's not so surprising. Then that's middle England for you, standards slipping, etc.
A company taking prompt action, acknowleding a weakness and thanking the hacker? Whatever has the world come to. I guess guys at The Telegraph are expert at handling PR issues - a few other companys I could name but won't should follow their lead...
"thanking the hacker"
Err .... I read the article again and I can't see anywhere where the hacker is thanked. Yes they acknowledged the problem and yes they took prompt action. But there's no mention of thanking the hacker, merely acknowledging that the problem was reported by hackersblog.org.
Incompetent Telegraph staff: Take responsibility for security on your own site. Your readers might be idiots, but I can't imagine they're all accepting 'It was a third party who done it, not us' as any kind of excuse.
Also, saying 'X is very important to us' after a clear demonstration that it is not might be trendy, but it's still lying.
You can have some other fun with the Telegraph links....
For example, here's their article about the Spotify hack:
and here's the same article with a much funnier URL:
I'm sure you can all think up some better URLs than me ;-)
Sorry Dennis I read the full statement over at the Maily Telegraph:
"Now hackers are rarely embraced as being friends but in this instance it's important to thank the team at hackersblog.org for bringing these issues to our attention..."
Surely one of the best names in the nistory of the world...?
"Take responsibility for security on your own site"
"It was a third party who done it, not us"
Obviously you don't rely on a garage to service your car - you take responsibility and do it yourself.
And you don't rely on parts from the manufacturer - you take responsibility and make your own brake pads.
And you don't rely on farmers and supermarkets - you take responsibility and grow all your own food.
I bought a copy of that paper earlier (All out of the Daily Sport at Scunthorpe train station) and now feel ill... Is that Scunthorpe or was my newspaper carrying some sort of viral payload? Should I consult an undertaker?
that companies should be required to have a hand written acceptance letter before they are allowed to share data with any "partner" sites or businesses.
From Trends Security Suggestions (Linked from article)
"Trend Micro recommends the usage of the Comma Delimited Format when saving or exchanging Excel spreadsheets. Comma Delimited files (with the .csv file extension) have the same functionality as regular workbooks (with the .xls extension) ."
Will I ever understand why intelligent people persist in using an operating system that is so wide open to abuse. Microsoft will never adopt the same operating ethos as Apple so why not buy the Apple in the first place rather than wish you had?
I wondered how long it would take for a fanboy to post a totally irrelevant comment about how good Apples are. What's that got to do with a website being attacked in this way exactly? Are you suggesting people should run enterprise-sized sites on Apple hardware and software?