
Symantec HackIsWack site still open to rickrolling







http://www.theregister.co.uk/2010/09/09/symantec_hackiwack_rickrolled_again/ 

By John Leyden
The Register
9th September 2010

Symantec's hapless HackIsWack cybercrime rap competition site can still 
be rickrolled, despite assurances to the contrary from the security 
giant.

A web application filter was deployed to block an earlier cross-site 
scripting attack, but this filter is configured to allow a YouTube video 
featuring rapper Snoop Dogg, who has been recruited to promote the 
project, to be displayed. That means that even though the initial attack 
no longer works, unresolved vulnerabilities on the site mean that it can 
still be rickrolled onto YouTube videos, as you can see here.

The apt use of Beaker from the Muppets singing Rick Astley is a fitting 
tribute to the whole HackIsWack endeavour. The rap competition has the 
laudable aim of raising cybercrime awareness, but is chiefly noteworthy 
for security snafus that have made Symantec look rather silly, instead 
of down with the kidz.

The rickrolling cross-site scripting bug was only the most publicised of 
the site's flaws. Other problems included the caching of potentially 
sensitive data and upload security problems, among others, according to 
a write-up by security blogger Mike Bailey last week.

[...]

