Feeds

S'kiddies find hacking BT all too easy

Visa and British Midland also hit

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Hackers are exploiting the failure of firms to update systems even after falling victims to attacks.

Yesterday btworldwide.com, which runs of the s'kiddies favourite Web server IIS, was defaced by Prime Suspectz in an attack which followed hot on the heels of the defacement of search.bt.com on April Fool's Day.

That defacement, which ridiculed BT's slow rollout of ADSL, should have resulted in a review of Web site security but the defacement of another BT Web site shows that this hasn't yet taken place.

Paul Rogers, network security analyst at MIS, said that btworldwide.com didn't have all the latest security patches installed, so enabling the defacement to take place.

"Technicians may have forgotten to apply the latest security patches and this suggests that BT's security policy wasn't followed, or an adequate policy doesn't exist," said Rogers, who added that BT Cellnet's Web site is also insecure.

Rogers has warned BT that its customer details can be lifted from btcellnet.net because they can be viewed within having to enter a secure log-in, which should be in place. He added that BT were informed of the issue some months ago but it is yet to plug up the security loophole.

In a separate attack, Visa, which has issued guidance to Web site merchants on security and ecommerce, apparently hasn't taken note if its own advice if a defacement on its German site today is anything to go by. The defacement, which was recorded by defacement archive Alldas.de and can be seen here, features a message in Portuguese by hackers Reflux and Asouza which bragged that they are now able to buy Webcam with stolen credit card numbers.

Rogers dismissed this claim as pure braggadocio but said that attacks such as that on Visa and on a Web site that acts as a gateway to British Midland's booking system, recordedhere, hardly inspires consumer confidence in online security.

Several users who tried to book flights with British Midland on its site over the weekend were greeted by the message "HackeD By ZorD" instead. Would you be submit your credit card details to this site? ®

Related Stories

Hackers worse than terrorists - Robin Cook
Win-NT/IIS admins made April Fools by hackers
McHackers deface Burger King - again
One in three UK firms hit by cyber-crime

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.