Original URL: http://www.channelregister.co.uk/2007/10/02/bt_coding_glitches/
Coding errors on BT's price calculator website have left 'hidden' web areas of the site exposed.
Users visiting the call price calculator may be surprised to see the other options on their sidebar and the "you are here" section (http://www.productsandservices.bt.com/consumerProducts/displayTopic.do?topicId=15732).
Options include "Cat_HiddenArea", "Cat_HiddenPlaypen" and "Topic_HiddenTest". These diverting-sounding areas actually don't contain much of interest. One page is unavailable, another contains boilerplate text in Latin and the final page "Topic_HiddenTest" gives info to BT's Digital Vault while popping up a login for staging.bt.com. We're not quite sure why.
Altogether it could be a lot worse. BT's made the coding equivalent of neglecting to zip up on leaving the bathroom.
"No significant security breaches, just bad PR and lazy web discipline", notes Reg reader Matthew Johns, who we're grateful to for passing on the tip. ®
Content delivery firm trials novel authentication method (9 October 2007)
http://www.channelregister.co.uk/2007/10/09/cachefly_login/
BT home router wide open to hijackers (9 October 2007)
http://www.channelregister.co.uk/2007/10/09/bt_home_hub_vuln/
Ryanair check-in site exposes data (24 May 2007)
http://www.channelregister.co.uk/2007/05/24/ryanair_site_security/
O2 closes call records site after security flap (30 August 2006)
http://www.channelregister.co.uk/2006/08/30/o2_security_flap/
UK.gov html all over the place (30 March 2006)
http://www.theregister.co.uk/2006/03/30/government_website_shame/
© Copyright 2008