Companies House web security exposed

Scrobbs · 09-Oct-2012, 01:15

...for being piss poor. Expect an article from The Reg.

http://ramblingrant.co.uk/2012/10/07...ast-expect-it/

EvilGrin · 09-Oct-2012, 09:52

You've got to try hard to be that bad!

burundi · 09-Oct-2012, 10:17

That's embarrasing, I've alerted our Business Law team as they use Companies House quite abit obviously.

Scrobbs · 09-Oct-2012, 13:45

In theory the session-less-ness shouldn't affect you too badly if you're connecting over corp lan - providing you can trust your employees to not steal the company from underneath you! Just don't visit it via public wifi/networks. There's nothing you can do beyond that point, and if the site is truly compromised via DNS, then everyone is boned.

Hopefully there is some shouting going on somewhere in CH security dept. If they have one.

EvilGrin · 09-Oct-2012, 14:41

Is the result of one of those famously successful Goverment IT outsourcing schemes I wonder?

milou · 09-Oct-2012, 14:50

I expect so. Gov't doesn't really know what it wants, and private sector either unable to deliver and/or milks it. Ours cost £60m apparently. For a spreadsheet.

09-Oct-2012, 01:15	#1
Scrobbs Sunnyvale Supervisor Join Date: Oct 2003 Location: In the pipe, five by five. Posts: 13,529	Companies House web security exposed ...for being piss poor. Expect an article from The Reg. http://ramblingrant.co.uk/2012/10/07...ast-expect-it/ __________________ http://bit.ly/debatethebill

09-Oct-2012, 09:52	#2
EvilGrin click here to reset post count Join Date: Oct 2003 Location: Lancs, UK. Posts: 5,578	You've got to try hard to be that bad! __________________ Edugeek - Techies in Education!

09-Oct-2012, 10:17	#3
burundi WARNING: May contain nuts Join Date: Oct 2003 Location: Prestonia Posts: 10,530	That's embarrasing, I've alerted our Business Law team as they use Companies House quite abit obviously. __________________ Want UnLtd Mobile Data & Texts for £12 a month PAYG? - Order a free GiffGaff SIM via this link and get an additional free £5 credit. At £12 a month data is unlimited with no fair usage policy! ** Have you added yourself to the trickery members map ** WANTED: Something witty to go here.

09-Oct-2012, 13:45	#4
Scrobbs Sunnyvale Supervisor Join Date: Oct 2003 Location: In the pipe, five by five. Posts: 13,529	In theory the session-less-ness shouldn't affect you too badly if you're connecting over corp lan - providing you can trust your employees to not steal the company from underneath you! Just don't visit it via public wifi/networks. There's nothing you can do beyond that point, and if the site is truly compromised via DNS, then everyone is boned. Hopefully there is some shouting going on somewhere in CH security dept. If they have one. __________________ http://bit.ly/debatethebill

09-Oct-2012, 14:41	#5
EvilGrin click here to reset post count Join Date: Oct 2003 Location: Lancs, UK. Posts: 5,578	Is the result of one of those famously successful Goverment IT outsourcing schemes I wonder? __________________ Edugeek - Techies in Education!

09-Oct-2012, 14:50	#6
milou keeping it elderly Join Date: Oct 2003 Location: Coast hugging Posts: 6,081	I expect so. Gov't doesn't really know what it wants, and private sector either unable to deliver and/or milks it. Ours cost £60m apparently. For a spreadsheet. __________________ 100% zimmer photoblog