Company made to change name that could be used for website hacks

0

Companies have jokingly given themselves code-based names in the past (you can thank XKCD for that), but one of them was just forced to mend its ways. The Guardian reports that UK business registrar Companies House has forced a software consultant to change his company name after discovering that it could launch cross-site scripting attacks against vulnerable pages — yes, including Companies House. A site could have inadvertently compromised itself just by mentioning the company, which could be more than a little embarrassing for officials who greenlit the name.

The initial name, ““><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD,” risked confusing sites that didn’t handle the HTML formatting properly. They would think the company name was blank and run a script from the troubleshooting site XSS Hunter. It’s an innocuous script that would simply have put up a warning, but Companies House wasn’t willing to take any chances. The name might have “presented a security risk” to some sites, a spokesperson said.

FOLLOW us ON GOOGLE NEWS

 

Source

Get real time updates directly on you device, subscribe now.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More