BT Web site security blunder
PrintOne password fits all
Posted in Music and Media, 23rd August 2000 16:17 GMT
Free whitepaper – Total cost of ownership of Dell, HP and IBM blade solutions
Updated The Insight Interactive portion of the BT.com Web site has a gaping hole in its security.
Any registered user's details can be accessed by entering their user name and password. The trouble is, the same password works whichever username you use.
And no, we are not going to tell you what the password is. Or how the user names work.
Details recorded on the site are work related: job title and work address, rather than any home details. So while no one's personal life has been compromised, it is still rather embarrassing for BT.
No one at BT could be reached for comment by the close of play today, nor could anyone tell us what the "Insight Interactive" project was or is.
And to top it all off I've been cookied and when I go back to the BT.com site I am welcomed as Andy. Oh well, maybe the androgynous thing will be in again this autumn. ®
Update:
Insight Interactive is a business to business knowledge sharing database, BT said today. The scheme was only very recently set up and membership is still on an invitation only basis. Upon invitation, members were issued with a pin code and a generic password which they were supposed to change immeidiately.
BT says that it has suspended all inactive Insight accounts, and is looking into ways of generating unique passwords for the members.
Enabling the Agile Data Center
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Google Spanner — instamatic redundancy for 10 million servers?
Early adopters bloodied by Ubuntu's Karmic Koala
Fedora 12 polishes Linux for netbooks
Sign up, sign up for The Register IT security newsletter