The UK business registrar Companies House has forced a software consultant to change its name after discovering it could lead to cross-site scripting attacks.

The British software engineer had kept his company’s name ““> LTD”. The name could have led to vulnerable websites to execute a script from the site XSS Hunter, which allows devs to discover cross-site scripting errors. It would have affected websites that don’t handle the HTML Code properly and could have mistaken them as blank in the company name section.

“A company was registered using characters that could have presented a security risk to a small number of our customers, if published on unprotected external websites. We have taken immediate steps to mitigate this risk and have put measures in place to prevent a similar occurrence. We are confident that Companies House services remain secure,” a Companies House spokesperson is quoted as saying.

Following the directive, the consultant has renamed his company to “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD”. The consultant said he kept the older name thinking it would be a “fun and playful name.”

According to The Guardian, many companies have kept such code-based names. Some companies which are guilty of such names are “; DROP TABLE “COMPANIES”;– LTD”, which is said to be inspired by a popular XKCD webcomic. Unlike the previous occasions, it is the first time to elicit a response from the authorities.

As Engadget points out, it is weird that a simple code-based name could cause so much of a problem to a large number of websites. At the same time, it also highlights how fragile the digital space is right now.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.

Source: https://tech.hindustantimes.com/tech/news/british-firm-asked-to-change-name-as-it-could-be-used-to-hack-websites-71604903865408.html

Cross-site scripting, Scripting language, HTML, Cross-site request forgery

World news – GB – British firm forced to change name that could be used to hack websites

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here