http://www.theregister.co.uk/2010/09/09/symantec_hackiwack_rickrolled_again/

By John Leyden
The Register
9th September 2010

Symantec's hapless HackIsWack cybercrime rap competition site can still be rickrolled, despite assurances to the contrary from the security giant.

A web application filter was deployed to block an earlier cross-site scripting attack, but this filter is configured to allow a YouTube video featuring rapper Snoop Dogg, who has been recruited to promote the project, to be displayed. That means that even though the initial attack no longer works, unresolved vulnerabilities on the site mean that it can still be rickrolled onto YouTube videos, as you can see here.

The apt use of Beaker from the Muppets singing Rick Astley is a fitting tribute to the whole HackIsWack endeavour. The rap competition has the laudable aim of raising cybercrime awareness, but is chiefly noteworthy for security snafus that have made Symantec look rather silly, instead of down with the kidz.

The rickrolling cross-site scripting bug was only the most publicised of the site's flaws. Other problems included the caching of potentially sensitive data and upload security problems, among others, according to a write-up by security blogger Mike Bailey last week.

[...]

Received on Fri Sep 10 2010 - 00:50:58 PDT