Thursday, February 17, 2011

BBC Sites Injected with Nasty IFRAME

An article in Dark Reading today describes a nasty attack on two BBC sites: an IFRAME injected into the sites downloads nastiness to your computer, and only 20% of anti-virus software packages catch it. OW!

Read the article

The key word is "injected". It almost makes it sound like the BBC is a victim, doesn't it? "Hey, did you read how the bad guys injected this nasty code into two BBC sites?" Folks, in a sense they ARE a victim, with an unwanted set of code put there by some 3rd party. But um, hello??!! YOU LEFT THE DOOR OPEN!!

When you read the word "injected", think "unwitting developer leaving a wide open door for a hacker to put stuff on their site". The BBC surely has lots of developers and a few development managers, and must have some infosec and compliance people. And a hole like that is left open?

Maybe it was a tricky hole or something really brilliant that got around the standard defenses. But I have a hard time thinking that is the case.

In any case, the developers left a hole open.

So my question to you is:

How many headlines will it take before you change your code?

Don't wait until you ARE the headline...
