BT hacked twice in three days

On Sunday hackers left a rant about ADSL on the site, and yesterday was defaced by the Prime Suspectz group of hackers.

Paul Rogers, network security analyst at MIS, informed sister site vnunet that although BT had patched its server against the well-known hackers’ favourite ‘unicode bug’, it still had other vulnerabilities present.

‘It’s surprising that it’s still not fully secure,’ he said. ‘You’d expect a big company like BT to follow its own in-house security procedures, even down to the web servers.’

Rogers added that a vulnerability still exists on servers allowing an intruder to compromise customer accounts.

‘We warned BT Cellnet about this months ago, but it still hasn’t been patched,’ he said. ‘This is another case of people not following proper security procedure,’ he added.

Credit card company Visa’s German home page was also broken into yesterday, another case of vulnerable versions of NT and IIS 4 not being updated properly. The hackers, Reflux and Asouza, also left a worrying message in their native Portuguese on the site: ‘We will now buy a webcam with the credit card numbers we stole,’ it said.

The comment would appear to be nothing more than a scare tactic, however, as no credit card details are kept on the site.

‘That still doesn’t bode well for Visa’s reputation with customers,’ warned Rogers. ‘Would you still want to use your credit card online with a company that can’t even secure a web server?’

Related reading