Articles about website security

Ofsted downplays site security concerns

UK school regulator Ofsted has downplayed security concerns about its website, adding that its policies will be further involved once a planned revamp is completed. El Reg learnt of the concerns from parent Oli, who approached us after failing to receive a response to his concerns either from Ofsted (Office for Standards in …
John Leyden, 11 Apr 2017

UK's Association of British Travel Agents cops to data breach

A hack attack on the Association of British Travel Agents (ABTA) has exposed the personal details of thousands of consumers and hundreds of tour operators and travel agents. Data for up to 650 ABTA members and up to 43,000 consumers was exposed by the breach, which dates from late last month. In a statement on Thursday. The …
John Leyden, 16 Mar 2017

UK website data insecurity worries: Users in bits over car break-up emails

Updated Popular car parts website PartsGateway.co.uk is dangerously insecure, a veteran UK security consultant warns. The warning from Paul Moore comes in the midst of ongoing social media complaints (example here) by customers who say they have received phishing mails containing personal addresses and phone numbers. One of the users …
John Leyden, 14 Feb 2017

Good guy Logic Supply resolves breach in days, unlike some companies

US-based industrial computer supplier Logic Supply has reset user passwords following a suspected security breach. Unauthorised access through the firm's website on 6 February may have exposed customer/company names, usernames and passwords, and order information. Payment card details were not exposed, Logic Supply reassured …
John Leyden, 8 Feb 2017

Biz security deadline knocked back 3 months 'cos Brits ignored it

A deadline for businesses to make sure they were compatible with new payment security measures has been extended after around 1,000 UK companies failed to take the necessary action. These businesses risked being unable to pay staff and suppliers, forcing Bacs Payment Schemes Limited to extend its deadline by three months from …
John Leyden, 15 Jun 2016

Megabreach: 55 MILLION voters' details leaked in Philippines

A massive data breach appears to have left 55 million Philippine voters at much greater risk of identity fraud and more. Security researchers warn that the entire database of the Philippines’ Commission on Elections (COMELEC) has been exposed in what appears to be the biggest government related data breach in history. The …
John Leyden, 7 Apr 2016

Mathletics promises security upgrades after parents' security gripes

Mathletics, an e-learning platform for mathematics that is used by millions of school kids across the English speaking world, has admitted a coding error that meant kids’ login details were transmitted in the clear. Developers Australia-based 3P Learning said that the security snafu was down to a coding error, which it has …
John Leyden, 29 Feb 2016

Sainsbury's Bank web pages stuck on crappy 20th century crypto

Update Sainsbury's Bank website still relies on insecure cryptography protocols that more security conscious organisations have abandoned as obsolete. The UK supermarket-owned bank’s "secure" site rates an “F” in tests using the industry standard Qualys’ SSL Labs service – chiefly because of the support for protocols security experts …
John Leyden, 25 Jan 2016

Crimestoppers finally revamps weak crypto. Take your time guys

UK crime tip-off service Crimestoppers has revamped its weak website crypto after months of running a system that relied upon obsolete protocols. Crimestoppers "secure" form was previously insecure – rating an “F” in tests using the industry standard SSL Labs service last month – chiefly because of the site’s use of the SSLv2 …
John Leyden, 20 Nov 2015

Uber quickly fixes snafu that leaked US-based drivers' personal data

Uber has accidentally exposed the personal details of hundreds of US drivers as the result of a software bug, revealing names, social security numbers, pictures of drivers' licences, tax forms, and other sensitive information, before the issue was resolved soon after discovery. The problem was spotted by one of Uber’s partners …
John Leyden, 15 Oct 2015

Shuttle bus firm Terravision belatedly adopts https for credit card sales

The pro-privacy 'https everywhere' campaign is gaining traction, but one e-commerce site is only just adopting the long-established technology in order to keep credit card details safe. Airport shuttle bus firm Terravision has just moved to https for online sales following an El Reg reader complaint. Tom W complained to both …
John Leyden, 7 Oct 2015

MS privacy policy website subverted to pimp gambling sites

Microsoft's privacy and surveillance policy micro-site has been hacked to promote gambling sites. The Digital Constitution site – launched two years ago in the wake of the Edward Snowden leaks – offers a platform for Microsoft's stance on privacy issues and government surveillance. But, earlier this week the site was modified …
John Leyden, 19 Jun 2015

US National Vulnerability Database contained ... yup, an XSS vuln

The US National Vulnerability Database was itself left vulnerable to cross-site scripting last week. The NVD serves as a definitive source of information on CVE security flaws. The XSS vulnerability meant that a skilled hacker could present surfers with content from arbitrary third-party sites as if it came from the NVD itself …
John Leyden, 18 Jun 2015

Indian music streaming service Ganaa hacked, site yanked offline

Service has been suspended, and passwords reset, following a hack against Indian music streaming service Ganaa. Ganaa detailed its response to the newly-discovered security breach in a series of updates to its official Twitter feed. We have temporarily removed access to our website and app as a vulnerability in one of our …
John Leyden, 28 May 2015

Tesla Twitter account and website hijacked, Elon Musk pwned

The website and Twitter account of carmaker Tesla were hacked over the weekend, as part of what looks like a prank between rival hackers. Elon Musk’s personal Twitter account was also hijacked on Saturday night (US time) by miscreants who at one point claimed to be from the infamous Lizard Squad hacking crew. The name …
John Leyden, 27 Apr 2015

Pro-ISIS script kiddies deface Dublin Rape Crisis Centre site

The FBI has begun investigating the hack of a number of websites – including the site of Dublin Rape Crisis Centre – by pro-ISIS script kiddies. The Dublin Rape Crisis Centre in Ireland was defaced so that its home page featured the black ISIS flag and the message "Hacked by ISIS, we are everywhere." A Flash audio plug-in …
John Leyden, 10 Mar 2015

Thousands of UK drivers' details leaked through hole in parking ticket website

Thousands of UK drivers have been caught up in a data breach at a UK parking firm. A database of parking ticket details held by PaymyPCN.net covering almost 10,000 motorists was mistakenly published online. A security flaw on the private parking firm's website allowed public access to names, addresses, photographs and emails …
John Leyden, 27 Feb 2015

Dutch government websites KO'd by 10-hour DDoS

The Netherlands government’s websites were taken offline for around 10 hours on Wednesday following a DDoS attack. The motive for the sustained packet-flinging assault – directed against the Dutch government website's hosting provider, Prolocation – remains unclear. A brief statement (Google translation here) by the Dutch …
John Leyden, 12 Feb 2015


Biting the hand that feeds IT © 1998–2018