back to article Daily Telegraph hit by SQL hack attack

Vulnerabilities on a Daily Telegraph website have been exposed by serial grey-hat hacker Unu. In a posting on the hackersblog site Unu outlines a number of SQL injection security weaknesses on the newspaper's website. The entry, which includes screenshots to substantiate the claim, claims that subscriber email addresses were …

COMMENTS

This topic is closed for new posts.
  1. Adrian Challinor
    Joke

    Old but good

    http://xkcd.com/327/

  2. Anonymous Coward
    Anonymous Coward

    XSS

    Considering its front page search box accepts "><iframe src="blah blah"> happily, it's not so surprising. Then that's middle England for you, standards slipping, etc.

  3. Man Outraged
    Happy

    Ah - that makes a refreshing change...

    A company taking prompt action, acknowleding a weakness and thanking the hacker? Whatever has the world come to. I guess guys at The Telegraph are expert at handling PR issues - a few other companys I could name but won't should follow their lead...

    Calm today.

  4. Dennis
    Stop

    Re: Ah - that makes a refreshing change...

    "thanking the hacker"

    Err .... I read the article again and I can't see anywhere where the hacker is thanked. Yes they acknowledged the problem and yes they took prompt action. But there's no mention of thanking the hacker, merely acknowledging that the problem was reported by hackersblog.org.

  5. This post has been deleted by its author

  6. Anonymous Coward
    Anonymous Coward

    Fun with the Telegraph

    You can have some other fun with the Telegraph links....

    For example, here's their article about the Spotify hack:

    http://www.telegraph.co.uk/news/4949044/Spotify-hacked-top-recent-hacker-stories.html

    and here's the same article with a much funnier URL:

    http://www.telegraph.co.uk/news/4949044/We-copy-all-our-stories-from-El-Reg.html

    I'm sure you can all think up some better URLs than me ;-)

  7. Man Outraged

    @dennis

    Sorry Dennis I read the full statement over at the Maily Telegraph:

    http://blogs.telegraph.co.uk/shane_richmond/blog/2009/03/09/hackersblog_and_telegraphcouk

    "Now hackers are rarely embraced as being friends but in this instance it's important to thank the team at hackersblog.org for bringing these issues to our attention..."

  8. Edward Miles

    Plain-text passwords?

    *facepalm*

  9. Jord

    Cheesbrough

    Surely one of the best names in the nistory of the world...?

  10. Dennis
    Flame

    Re: Hmm

    "Take responsibility for security on your own site"

    "It was a third party who done it, not us"

    Obviously you don't rely on a garage to service your car - you take responsibility and do it yourself.

    And you don't rely on parts from the manufacturer - you take responsibility and make your own brake pads.

    And you don't rely on farmers and supermarkets - you take responsibility and grow all your own food.

  11. James Condron

    Oh Sheeeyugah

    I bought a copy of that paper earlier (All out of the Daily Sport at Scunthorpe train station) and now feel ill... Is that Scunthorpe or was my newspaper carrying some sort of viral payload? Should I consult an undertaker?

  12. Daniel Free
    Stop

    yet another reason

    that companies should be required to have a hand written acceptance letter before they are allowed to share data with any "partner" sites or businesses.

  13. Eric Pinkerton
    Joke

    Gold!

    From Trends Security Suggestions (Linked from article)

    "Trend Micro recommends the usage of the Comma Delimited Format when saving or exchanging Excel spreadsheets. Comma Delimited files (with the .csv file extension) have the same functionality as regular workbooks (with the .xls extension) ."

  14. Martin Pittaway

    Decision Making Process

    Will I ever understand why intelligent people persist in using an operating system that is so wide open to abuse. Microsoft will never adopt the same operating ethos as Apple so why not buy the Apple in the first place rather than wish you had?

  15. David Lawrence
    Stop

    Apple Fanboi alert - Martin Pittaway

    I wondered how long it would take for a fanboy to post a totally irrelevant comment about how good Apples are. What's that got to do with a website being attacked in this way exactly? Are you suggesting people should run enterprise-sized sites on Apple hardware and software?

This topic is closed for new posts.

Other stories you might like