Feeds

S'kiddies find hacking BT all too easy

Visa and British Midland also hit

  • alert
  • submit to reddit

High performance access to file storage

Hackers are exploiting the failure of firms to update systems even after falling victims to attacks.

Yesterday btworldwide.com, which runs of the s'kiddies favourite Web server IIS, was defaced by Prime Suspectz in an attack which followed hot on the heels of the defacement of search.bt.com on April Fool's Day.

That defacement, which ridiculed BT's slow rollout of ADSL, should have resulted in a review of Web site security but the defacement of another BT Web site shows that this hasn't yet taken place.

Paul Rogers, network security analyst at MIS, said that btworldwide.com didn't have all the latest security patches installed, so enabling the defacement to take place.

"Technicians may have forgotten to apply the latest security patches and this suggests that BT's security policy wasn't followed, or an adequate policy doesn't exist," said Rogers, who added that BT Cellnet's Web site is also insecure.

Rogers has warned BT that its customer details can be lifted from btcellnet.net because they can be viewed within having to enter a secure log-in, which should be in place. He added that BT were informed of the issue some months ago but it is yet to plug up the security loophole.

In a separate attack, Visa, which has issued guidance to Web site merchants on security and ecommerce, apparently hasn't taken note if its own advice if a defacement on its German site today is anything to go by. The defacement, which was recorded by defacement archive Alldas.de and can be seen here, features a message in Portuguese by hackers Reflux and Asouza which bragged that they are now able to buy Webcam with stolen credit card numbers.

Rogers dismissed this claim as pure braggadocio but said that attacks such as that on Visa and on a Web site that acts as a gateway to British Midland's booking system, recordedhere, hardly inspires consumer confidence in online security.

Several users who tried to book flights with British Midland on its site over the weekend were greeted by the message "HackeD By ZorD" instead. Would you be submit your credit card details to this site? ®

Related Stories

Hackers worse than terrorists - Robin Cook
Win-NT/IIS admins made April Fools by hackers
McHackers deface Burger King - again
One in three UK firms hit by cyber-crime

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.