The UK business registrar Companies House has forced a software consultant to change its name after discovering it could lead to cross-site scripting attacks.

The British software engineer had kept his company’s name ““> LTD”. The name could have led to vulnerable websites to execute a script from the site XSS Hunter, which allows devs to discover cross-site scripting errors. It would have affected websites that don’t handle the HTML Code properly and could have mistaken them as blank in the company name section.

“A company was registered using characters that could have presented a security risk to a small number of our customers, if published on unprotected external websites. We have taken immediate steps to mitigate this risk and have put measures in place to prevent a similar occurrence. We are confident that Companies House services remain secure,” a Companies House spokesperson is quoted as saying.

Following the directive, the consultant has renamed his company to “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD”. The consultant said he kept the older name thinking it would be a “fun and playful name.”

According to The Guardian, many companies have kept such code-based names. Some companies which are guilty of such names are “; DROP TABLE “COMPANIES”;– LTD”, which is said to be inspired by a popular XKCD webcomic. Unlike the previous occasions, it is the first time to elicit a response from the authorities.

As Engadget points out, it is weird that a simple code-based name could cause so much of a problem to a large number of websites. At the same time, it also highlights how fragile the digital space is right now.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

Source: https://tech.hindustantimes.com/tech/news/british-firm-asked-to-change-name-as-it-could-be-used-to-hack-websites-71604903865408.html

Cross-site scripting, Scripting language, HTML, Cross-site request forgery

World news – GB – British firm forced to change name that could be used to hack websites

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here