Computer Security

Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Isn’t that National Database going to be a wonderful thing?

7 thoughts on “Computer Security”

  1. It’s what’s known in the trade as a SQL injection attack. If you don’t write your database code in quite the right way, your database can be vulnerable.

    It’s an error that I might expect a junior programmer to make, but I wouldn’t expect a project manager or senior developer on a web project to be ignorant of it.

  2. …which is why this has only appeared in places like Hackney Council’s recruitment site, rather than anything secure or high-profile. It’ll be cases where the junior web monkey has been told “can you knock up this site, the contractors would charge us a fortune and take a month”.

    (which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”. Yes, you could, but the government can’t show you won’t screw it up.)

  3. john b,

    “which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”.”

    Well, not £50, but MTAS cost £1.75 million for the 1st year. For that, I’d expect to have a system built where someone couldn’t just change the URL and read someone else’s mailbox.

  4. It’s unacceptable in a junior web developer. I’ve explained why here. MTAS was even worse.

    Government agencies routinely pay much more for development than private companies would consider for the same project. I know this from differentials in contract values I’ve had myself.

  5. “which is also why the government frequently pays major agencies amounts for web development that make people here say “I could have done that for fifty quid”. Yes, you could, but the government can’t show you won’t screw it up.”

    Given the lax way the government usually writes its IT contracts, not only can they not show that the private company won’t screw it up either, but if they do, they usually can’t/won’t charge them any penalty…

  6. Pingback: That Asprox Virus… | Tim Almond
