back to article Daily Telegraph hit by SQL hack attack

Vulnerabilities on a Daily Telegraph website have been exposed by serial grey-hat hacker Unu. In a posting on the hackersblog site Unu outlines a number of SQL injection security weaknesses on the newspaper's website. The entry, which includes screenshots to substantiate the claim, claims that subscriber email addresses were …

COMMENTS

This topic is closed for new posts.
Joke

Old but good

http://xkcd.com/327/

0
0
Anonymous Coward

XSS

Considering its front page search box accepts "><iframe src="blah blah"> happily, it's not so surprising. Then that's middle England for you, standards slipping, etc.

0
0
Happy

Ah - that makes a refreshing change...

A company taking prompt action, acknowleding a weakness and thanking the hacker? Whatever has the world come to. I guess guys at The Telegraph are expert at handling PR issues - a few other companys I could name but won't should follow their lead...

Calm today.

0
0
Stop

Re: Ah - that makes a refreshing change...

"thanking the hacker"

Err .... I read the article again and I can't see anywhere where the hacker is thanked. Yes they acknowledged the problem and yes they took prompt action. But there's no mention of thanking the hacker, merely acknowledging that the problem was reported by hackersblog.org.

0
0
Anonymous Coward

Hmm

Incompetent Telegraph staff: Take responsibility for security on your own site. Your readers might be idiots, but I can't imagine they're all accepting 'It was a third party who done it, not us' as any kind of excuse.

Also, saying 'X is very important to us' after a clear demonstration that it is not might be trendy, but it's still lying.

0
0
Anonymous Coward

Fun with the Telegraph

You can have some other fun with the Telegraph links....

For example, here's their article about the Spotify hack:

http://www.telegraph.co.uk/news/4949044/Spotify-hacked-top-recent-hacker-stories.html

and here's the same article with a much funnier URL:

http://www.telegraph.co.uk/news/4949044/We-copy-all-our-stories-from-El-Reg.html

I'm sure you can all think up some better URLs than me ;-)

0
0

@dennis

Sorry Dennis I read the full statement over at the Maily Telegraph:

http://blogs.telegraph.co.uk/shane_richmond/blog/2009/03/09/hackersblog_and_telegraphcouk

"Now hackers are rarely embraced as being friends but in this instance it's important to thank the team at hackersblog.org for bringing these issues to our attention..."

0
0

Plain-text passwords?

*facepalm*

0
0

Cheesbrough

Surely one of the best names in the nistory of the world...?

0
0
Flame

Re: Hmm

"Take responsibility for security on your own site"

"It was a third party who done it, not us"

Obviously you don't rely on a garage to service your car - you take responsibility and do it yourself.

And you don't rely on parts from the manufacturer - you take responsibility and make your own brake pads.

And you don't rely on farmers and supermarkets - you take responsibility and grow all your own food.

0
0

Oh Sheeeyugah

I bought a copy of that paper earlier (All out of the Daily Sport at Scunthorpe train station) and now feel ill... Is that Scunthorpe or was my newspaper carrying some sort of viral payload? Should I consult an undertaker?

0
0
Stop

yet another reason

that companies should be required to have a hand written acceptance letter before they are allowed to share data with any "partner" sites or businesses.

0
0
Joke

Gold!

From Trends Security Suggestions (Linked from article)

"Trend Micro recommends the usage of the Comma Delimited Format when saving or exchanging Excel spreadsheets. Comma Delimited files (with the .csv file extension) have the same functionality as regular workbooks (with the .xls extension) ."

0
0

Decision Making Process

Will I ever understand why intelligent people persist in using an operating system that is so wide open to abuse. Microsoft will never adopt the same operating ethos as Apple so why not buy the Apple in the first place rather than wish you had?

0
0
Stop

Apple Fanboi alert - Martin Pittaway

I wondered how long it would take for a fanboy to post a totally irrelevant comment about how good Apples are. What's that got to do with a website being attacked in this way exactly? Are you suggesting people should run enterprise-sized sites on Apple hardware and software?

0
0
This topic is closed for new posts.

Forums