HackersBlog finds BT.com flaw
By Nicole Kobie
BT.com is the latest big firm to have its internet security examined by the prolific folks at HackersBlog.
After finding a flaw at the Telegraph's site earlier this week, HackersBlog posted details of how they claimed to access BT.com’s database using a blind SQL injection.
The hackers write: “A faulty parameter, improperly sanitized opens the vault to the [precious] databases. One can gain access to such ordinary things as personal data, login data, and the like.”
HackersBlog claimed to be able to access login and personal data including names, email addresses and passwords for some users registered with the site.
The hacking site held off publishing the full details of the problem until today in order to let BT fix the flaw. It said the vulnerable pages have now been taken down.
The site added that BT isn’t the only big firm with such troubles, promising to show similar problems with other telcos. “Don’t rush to conclusions and start pointing fingers before you see the next articles where we will show similar issues with other large telecommunication providers. As we said earlier, we don’t take sides, but rather, want to show that the above mentioned vulns [vulnerabilities] can be found almost everywhere.”
HackersBlog added: “We would like to thank BT.com for the fair-play and manners they displayed in addressing this issue in the email we got from them. We appreciate and support the mature and to the point attitude they have. It is very important for us.”
That said, a spokesperson for BT told IT PRO: “BT has carried out a thorough investigation of this alleged breach. We have found that access was gained to a test database and therefore no customer details were revealed at any time.”
“When sites are under test they do not contain live data and are often not included within our secure network until they become operational. BT has developed rigorous, world-leading protection against unauthorised computer access in order to protect customer details and commercial interests,” the statement added.
“Where a suspected intrusion has occurred BT will act swiftly to ensure our customer data is not at risk. Our operational systems have not been affected in any way by this attempt to break through our security.”
Data "Security" Largely a Matter of Luck to Most Companies
Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices. The author, David Scott, has an interview that is a great exposure: www.businessforum.com/DScott_02.html - The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action. In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.
By Ip_johnfranks999 on Thursday Mar 12