Feeds

S'kiddies find hacking BT all too easy

Visa and British Midland also hit

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Hackers are exploiting the failure of firms to update systems even after falling victims to attacks.

Yesterday btworldwide.com, which runs of the s'kiddies favourite Web server IIS, was defaced by Prime Suspectz in an attack which followed hot on the heels of the defacement of search.bt.com on April Fool's Day.

That defacement, which ridiculed BT's slow rollout of ADSL, should have resulted in a review of Web site security but the defacement of another BT Web site shows that this hasn't yet taken place.

Paul Rogers, network security analyst at MIS, said that btworldwide.com didn't have all the latest security patches installed, so enabling the defacement to take place.

"Technicians may have forgotten to apply the latest security patches and this suggests that BT's security policy wasn't followed, or an adequate policy doesn't exist," said Rogers, who added that BT Cellnet's Web site is also insecure.

Rogers has warned BT that its customer details can be lifted from btcellnet.net because they can be viewed within having to enter a secure log-in, which should be in place. He added that BT were informed of the issue some months ago but it is yet to plug up the security loophole.

In a separate attack, Visa, which has issued guidance to Web site merchants on security and ecommerce, apparently hasn't taken note if its own advice if a defacement on its German site today is anything to go by. The defacement, which was recorded by defacement archive Alldas.de and can be seen here, features a message in Portuguese by hackers Reflux and Asouza which bragged that they are now able to buy Webcam with stolen credit card numbers.

Rogers dismissed this claim as pure braggadocio but said that attacks such as that on Visa and on a Web site that acts as a gateway to British Midland's booking system, recordedhere, hardly inspires consumer confidence in online security.

Several users who tried to book flights with British Midland on its site over the weekend were greeted by the message "HackeD By ZorD" instead. Would you be submit your credit card details to this site? ®

Related Stories

Hackers worse than terrorists - Robin Cook
Win-NT/IIS admins made April Fools by hackers
McHackers deface Burger King - again
One in three UK firms hit by cyber-crime

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.