The Register® — Biting the hand that feeds IT

Coding errors expose hidden area of BT site

Breeches unbuttoned

Free whitepaper – Extended Validation SSL Certificates

Coding errors on BT's price calculator website have left 'hidden' web areas of the site exposed.

Users visiting the call price calculator may be surprised to see the other options on their sidebar and the "you are here" section.

Options include "Cat_HiddenArea", "Cat_HiddenPlaypen" and "Topic_HiddenTest". These diverting-sounding areas actually don't contain much of interest. One page is unavailable, another contains boilerplate text in Latin and the final page "Topic_HiddenTest" gives info to BT's Digital Vault while popping up a login for staging.bt.com. We're not quite sure why.

Altogether it could be a lot worse. BT's made the coding equivalent of neglecting to zip up on leaving the bathroom.

"No significant security breaches, just bad PR and lazy web discipline", notes Reg reader Matthew Johns, who we're grateful to for passing on the tip. ®

Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server

Don’t Miss

HandcuffsFeds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

thumbs down teaser 75Buggy 'smart meters' open door to power-grid botnet

Grid-burrowing worm only the beginning

MicrosoftMicrosoft knew of nasty IE bug a year before attacks

Security delayed or security denied?

BlockMaster SafeStickBlockMaster SafeStick hardware-encrypted USB drive

Review Tough enough?