A couple of official football sites were also named as being flawed

Mar 5, 2012 08:44 GMT  ·  By

In the past few weeks we’ve witnessed how some major companies failed to ensure that their public websites are secure against potentially malicious operations launched by profit-driven hackers. The hacker called Freedom identified a series of vulnerabilities in sites such as the ones of Virgin Media, Orange, Vodafone, TalkTalk, and others.

“It makes me laugh all the time. My brother works in PHP and even his code is better than these sites. I’m sure they have a team of 5 year old kids making these sites. LOL,” the hacker told us.

Besides the cross-site scripting (XSS) flaws found in the aforementioned sites, Freedom also discovered similar vulnerabilities on the site of Phones4U, a popular retailer in the United Kingdom that provides phones, laptops, mobile broadband and accessories.

Moving on to another category of websites identified as containing security holes, we find the official sites of the famous Manchester United football team and of the UK's Premier League, the body responsible for managing the country's main football events and their centralized broadcast.

The last website belongs to a separate category altogether: the site of News Channel 5. The hacker provided screenshots to prove the existence of these weaknesses.

“All of these were very easy to find and some have very little security. It is very funny how sites like these that make a lot of money use such low level scripts. These companies need to understand that they need to update and not ignore the emails,” Freedom said.

“This time it was me that found them. It’s not so hard, all it takes is a few bad guys to come along and well then they will need to do more than update. If your site has issues we will find it and well we are not all good guys in this game!”

The hacker revealed that the vulnerabilities were disclosed not only to warn the sites’ administrators, but also their customers that are unaware of the dangers that may lurk behind every simple click.

“What I would like to say to the coders of these sites: You have been weighed, you have been measured, and you have been found wanting,” the hacker concluded.

Update. After the article was published TalkTalk representatives reached out to us and requested Freedom's contact information. As it turns out, the hacker and the company collaborated on securing some of the vulnerable parts of the website.

The efforts of both should be applauded because once again they proved that hackers and companies can work well together.

Here is a statement provided by TalkTalk:

We make every effort to safeguard the security of our public-facing websites and have acted upon the information provided by Freedom. We will continue to constantly monitor and, where necessary, improve our security measures.

Photo Gallery (3 Images)

XSS found by Freedom on Vodafone site
XSS found by Freedom on Orange site
XSS found by Freedom on Premier League site