Can we help BT forums with their security
18-10-2008 12:15 PM
How about this as a method of writing (not) software for forums security
link1
link2
link3
Going through the second link produced this link
Quote BT's version of the truth about BT Beta forums.
http://www.beta.bt.com/bta/forums/thread.jspa?threadID=6959&tstart=0
We've identified a technical issue with the BT.com forum which, under certain specific circumstances, makes usernames visible. In the meantime, we've locked the forums while we fix this issue. No personal information or passwords have been affected.
Cough, splutter, choke, gasps for air. Reality check needed.
My version of the truth.
CUSTOMERS/USERS identified a technical data/privacy issue with the entire BT Beta forum which at all times, with no user interaction required, exposed certain users' private personal information constantly to the internet, allowed it to be harvested by Google (where it could be located), viz. email addresses. It took several days for BT to even diagnose the problem after being notified, as they locked down the various leaking features of the forum operation - viz:
The source code of User Profile pages
The image properties of avatar images
The RSS links for the User Profile
The browser address bar for the RSS page.
The final leak which they found LAST, and only after a couple of days of being told the forum still leaked, was one which exposed the private email address of certain users to any logged in user clicking on the Reply To... link inside a post.
They have locked the forum, because a very basic function like Reply To was leaking personal private information contrary to the requirements of the Data Protection Act and the only way to prevent it, was to prevent people Replying To posts. ie: lock the forum.
The "specific circumstances" which were leading to the forum leaking PII for goodness knows how long, were the forum being on the web and being used. As you can see that is a very unusual set of circumstances indeed. Not one BT could reasonably have predicted.
I regret to inform anyone using BT Beta forums with a login consisting of an email address, that BT have compromised that address by making it available via their site to bots, and even inexperienced humans.
I personally collected 10 personal private email addresses using the reply to... method yesterday and emailed each individual about the issue advising them to complain and contact the ICO.
I have screenshots of many more.
Re: Can we help BT forums with their security
23-10-2008 10:01 AM
Tut tut tut BT, must try harder and not be playing catch up all the time.
I predict that those forums will disappear sharpish as soon as they become filled with posts from irate customers (perhaps it'll bring down the server)