Feeds

160+ UK Web sites defaced over petrol tax

Dumb admins using default passwords with SQL

  • alert
  • submit to reddit

High performance access to file storage

A protester identifying himself as 'Herbless' defaced 168 corporate Web sites Friday with a message urging public support for demonstrators standing up against high fuel taxes in the UK.

"Our government has now started to spread FUD (Fear, Uncertainty, Doubt) propaganda through the media in the hope that they can dispel puplic [sic] support for the protest that is taking place all around Britain," Herbless said.

He notes that 72 per cent of the price of petrol in the UK is tax, that production costs are one of the cheapest in Europe, though retail prices are the highest in Europe.

He also takes issue with media reports and government statements painting the protests as obstructive. "Despite the fact that there are no blockades, tankers will not leave the distribution centres. This has led to wide-spread speculation that the policy not to deliver petrol is in fact being handed down from the petrol companies," he said.

The message closes with an appeal for public support of those on the front lines. "If you live near a picket line, go and give your support. Applaud the lorry drivers. Make cups of tea and sandwiches for the picketers. Write to your MP pledging your support," he urged.

The final note, "Admin: Learn how to change passwords. Hint: SQL server doesn't just do SQL," suggests that Herbless probably scanned a large number of sites for installations of the MS SQL server with default passwords in place. Administrators are supposed to change the password before going live, but apparently there are a vast number maintaining commercial sites who can't understand the documentation. Perhaps reading tests ought to become a standard part of the recruitment process.

Herbless easily exploited such sites as specsavers.com, jobs.co.uk, itforhire.co.uk, travelfocus.co.uk, brandimage.co.uk, and many others in this attack. He defaced nine government Web sites last month and the Legoland.co.uk site last week. ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.