Twitter anyone?
http://www.lmgtfy.com/?q=Alice%E2%80%99s+%E2%80%98Bucket+List%E2%80%99+
Are el reg journos blocked from twitter now?
Posts by arsebiscuiting
2 publicly visible posts • joined 21 Jan 2011
Lulz warns NHS of sick security
Lush website hack 'exposes credit card details'
Friday 21st January 2011 16:09 GMT
Am I being thick?
I've not seen anything which says the attackers picked up passwords from a file or from the database in plain text. This attack would be easily achievable using XSS or simple insertion of code into the PHP on the server at the point the browser commits them. Said code could email to a drop box account or access a remote server to upload the card details.
Without auditing of all live files against the database, an html file could have had a remote scripting attack in it for months without being detected, especially if the site design wasn't changed.
Biting the hand that feeds IT
