The Register® — Biting the hand that feeds IT

Feeds

Rugby World Cup reporters swap identities in login glitch

Rugger buggers' buggy buggerup

By John Leyden, 1st September 2011
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

The Rugby World Cup has hit a security snag just over a week before the eagerly awaited tournament kicks off in New Zealand.

Media partners logging into the dedicated media centre system were confronted with the profiles of other journalists instead. Sysadmins are trying to get to the bottom of the problem, in the meantime they are advising journos to reload the web page if they hit the problem, as explained in a notice (issued on Thursday) below.

RWC MEDIA ALERT

RWC 2011 Media Centre – login issue

A few people have experienced issues when logging on to the RWC 2011 Media Centre.

Specifically, some people are seeing someone else's profile after they enter their temporary password and go to the 'My profile' page.

If you experience this issue, please can you try refreshing the web page until you see your details?

If this does not work, please email mchelp@rugbyworldcup.com. We will get back to you as soon as we can.

We are working to resolve this issue and apologise for the inconvenience caused.

RWC 2011 Media Centre

The issue illustrates the teething problems that arise when you set up a system from scratch. Practical problems arising from the glitch are hard to gauge but its probably not the best idea if Australian media, for example, get wind of Kiwi TV broadcast plans. ®

Bootnote

Thanks to broadcast contractor Pete for the heads-up on the problem.

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (6)
Highly Rated
Anonymous Coward

Caching

Clearly the sysadmins know that. Are the developers aware of session management?

2
0
Promotor Fidei

Sounds familiar

I've had that at a company where I had worked for a week for evaluation purposes.

They had a shop-in-shop system and some shop administrators would get logged in into the wrong shop backend. Turned out the login function just compares user and password hash, not the actual shop id. So the first match was used, which was not always the correct one. Especially with the shops the company administrated since those all had the same user/pass.

They never offered me a job so it hasn't been fixed and there is no one at the company even capable of understanding the problem, never mind fixing it. I left a note for a hot-fix (never ever use the same username for two shops) but I doubt anyone there can even understand that.

1
0
Jefe Mixtli

Let's all Thread safely people

Someone's session manager isn't thread safe!

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15