The McDonald’s website is insecure and its flaws could lead to passwords being stolen, according to Dutch software engineer Tijme Gommers. More information: http://www.theregister.co.uk/2017/01/16/xssive_thick_mistake_sees_mcdonalds_forget_hash_browns_off_hacker/

Lee Munson, security researcher at Positive Technologies, reacts: “McDonald’s decision to encrypt user passwords on the client is a strange one and its customers, especially those who reuse the same password on all of their accounts, are highly unlikely to be lovin’ it.

“That’s because it allows passwords to be decrypted relatively easily and the same key gives access to every user’s credentials.

“On top of that, the food chain’s decision to stick with an older version of AngularJS is also a strange one – new releases often arrive as much for reasons of security as they do for feature upgrades. By running an older version, McDonald’s is simply inviting a hacker to come along and find a handful of vulnerabilities.

“Lastly, the fact that the restaurant chain is also running an outdated version of JBoss would seem to highlight issues at the version control or, worse, security team, level.

“McDonald’s would do well to determine which it is before any longer-lasting or embarrassing damage is done.”