Plague of web bugs descend on British sites

It's been a busy week for high-profile web vulnerabilities, with discoveries of careless bugs on the sites of three British companies. Online banking sites for HSBC and Barclays Group and the website for The Telegraph were caught with their pants down, as hackers published screenshots and other details that showed all three …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Unhappy

    Ha!

    "piping commands directly to a site's back end"

    That can be nasty!!

  2. Anonymous Coward
    Anonymous Coward

    Off shoring

    this is what happens, quality just drops away, no one cares and big companies are left with their little boy trousers round their ankles.

  3. Kev K
    Paris Hilton

    might be a dumb question

    but don't they teach you to sanitize your data on pretty much day one of the "how to write web applications" class ?

    What little I know says that's the first thing you check for (and I'm self taught)

    And every web app I've had written for clients gets sent off to be pen tested by a very nice company I know for a "proper" go at breaking it

    Seems the bright thing to do <shrugz> though like I said I'm self taught but like keeping my customers so what do I know ?

    Ohh and PLEASE don't post that XKCD cartoon again - we have all seen it about 30 times now and get the joke

    Kev

    Paris as she knows the trouble a decent penetration can cause ;)

  4. Anonymous Coward
    Paris Hilton

    Leave my backdoor alone

    There'll be no piping without permission!

  5. Anonymous Coward
    Flame

    @a/c

    Take it you know 100% that these are offshored?

    And what about the 2/3 of websites that have XSS issues, are all these offshored?

  6. Anonymous Coward
    Anonymous Coward

    Title?

    Anyone that logs into their internet banking via a link someone else has given to them is an idiot. Period.

  7. Anonymous Coward
    Anonymous Coward

    Really competent professionals

    are expensive, which is detrimental to the company's bottom line.

  8. Anonymous Coward
    Stop

    @ all those who are pointing the fingers at offshoring companies

    ...there are other culprits:

    :: "programmers" who are hired out of the call centres because they've written a "hello world" website and so management think they must be whizzkids;

    :: self-taught coders who never read a security blog or articles teaching them how to better their code so they drift along thinking they're good at their job;

    :: companies who don't enforce peer review either through lack of time, or incompetence.

    :: contractors who are in it for the quick buck or speedy solution (disclaimer: I am a contractor but I am not a cowboy)

    :: sign-off departments who only test if something works (in IE6), not how it works if you try to break it using devious methods.

    Sadly, coding for prevention takes time and businesses are loath to spend the monies required to take the time to do a job properly, or hire the right people for the job.

  9. Charles King

    The 1990s called....

    @KevK:

    Spot on.

    SQL injections were big news 10 years ago. The fact that this sort of simple attack is still working on major websites just boggles the mind.

  10. mafro
    Flame

    This reminds me of an xkcd cartoon..

    Which you've all seen a million times on thedailywtf.

  11. Ihre Papiere Bitte!!
    Joke

    @mafro

    which xkcd cartoon would that be then? Care to post a link?

    *ducks shoe thrown by Kev K*
