Friday, April 10, 2009

Lawyers & Settlements - (o)(O)ps...

Would you consider this hypocrisy, irony or some combination of both? a news site that publishes cases like class-action law suits against corporations for data breach, negligence, etc... (see link): is just as guilty as those companies being sued for poor security practice. They've got some basic web site issues that if properly manipulated could lead to the compromise of their users. It would sure be ironic if they ended up on their own pages, wouldn't it? I mean, I'm no lawyer and have zero expertise in this but it would be kind of funny.

That being said, the fact that you can simply do this should be embarrassing, to say the least - and a little hypocritical to be sure

I wonder how seriously they take security? I also wonder if they grasp that the simple cross-site scripting (XSS) issue demonstrated here could be weaponized to make a whole lot of additional zombie machines (like we need any more of those)!

I've sent them a request via their contact us page, I hope to get their reply soon and hopefully they'll fix the issue... and review their web site security some.


Anonymous said...

Thanks for the heads up. We'll take a look and see that we get this fixed.

Rafal Los said...

@Anonymous - Thanks! I also dropped an email as well, thank you for responding so quickly! I'm sure your readers will appreciate it.