Feeds

S'kiddies find hacking BT all too easy

Visa and British Midland also hit

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

Hackers are exploiting the failure of firms to update systems even after falling victims to attacks.

Yesterday btworldwide.com, which runs of the s'kiddies favourite Web server IIS, was defaced by Prime Suspectz in an attack which followed hot on the heels of the defacement of search.bt.com on April Fool's Day.

That defacement, which ridiculed BT's slow rollout of ADSL, should have resulted in a review of Web site security but the defacement of another BT Web site shows that this hasn't yet taken place.

Paul Rogers, network security analyst at MIS, said that btworldwide.com didn't have all the latest security patches installed, so enabling the defacement to take place.

"Technicians may have forgotten to apply the latest security patches and this suggests that BT's security policy wasn't followed, or an adequate policy doesn't exist," said Rogers, who added that BT Cellnet's Web site is also insecure.

Rogers has warned BT that its customer details can be lifted from btcellnet.net because they can be viewed within having to enter a secure log-in, which should be in place. He added that BT were informed of the issue some months ago but it is yet to plug up the security loophole.

In a separate attack, Visa, which has issued guidance to Web site merchants on security and ecommerce, apparently hasn't taken note if its own advice if a defacement on its German site today is anything to go by. The defacement, which was recorded by defacement archive Alldas.de and can be seen here, features a message in Portuguese by hackers Reflux and Asouza which bragged that they are now able to buy Webcam with stolen credit card numbers.

Rogers dismissed this claim as pure braggadocio but said that attacks such as that on Visa and on a Web site that acts as a gateway to British Midland's booking system, recordedhere, hardly inspires consumer confidence in online security.

Several users who tried to book flights with British Midland on its site over the weekend were greeted by the message "HackeD By ZorD" instead. Would you be submit your credit card details to this site? ®

Related Stories

Hackers worse than terrorists - Robin Cook
Win-NT/IIS admins made April Fools by hackers
McHackers deface Burger King - again
One in three UK firms hit by cyber-crime

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?