Commvault partners with Pure Storage » Cisco Live, Melbourne, AU and Tinton Falls, NJ: Commvault has announced the integration of its Commv... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTOR... » A treatise on pastoral jihadism, islamism, arabism and cultural imperialism in Nigeria (Ephesians ... Where was Aisha Buhari when idiot Kumapayi flagr... » "Clip-clip..clip-clip...Did you not hear when BABA DAURA say women's place is in the kitchen?" ... UKCloud launches Disaster Recovery to the Cloud se... » London: UKCloud has announced the launch of Disaster Recovery to the Cloud, a self-service replicati... ADG Holdings bolsters security protection with Tra... » SAN MATEO, CA : TrapX Security™ has announced that ADG Holdings, a provider of proprietary trading a... ExtraHop combines analytics and low-cost storage... » London, UK: ExtraHop has announced several major platform enhancements as part of version 6.2. These... DEFENCE MINISTER MEETS TEENAGERS TAKING PART ... » Defence Minister Earl Howe today met teenagers at the Army’s first ‘Supercamp’, a new initiative whi... SONG OF THE SEASON » Also, visit: www.scorpionnewscorp.com APC, SO-SO TALK-TALK, SO-SO MOTIONS-MOTIONS, NO ACTION ... EEMBC and prpl align to drive use of hypervisors t... » SANTA CLARA, CALIF: Recently the prpl Foundation and EEMBC announced a formal partnership to advance... Qognify helps Navi Mumbai in the making of a safe ... » Qognify has announced the successful implementation of its market-leading Safe City solution in Navi...

CLICK HERE TO

SOCIAL BOOKMARK

Talking Point Banner

McDonald’s website is insecure and could lead to passwords being stolen, according to Dutch software engineer Tijme Gommers. More information: http://www.theregister.co.uk/2017/01/16/xssive_thick_mistake_sees_mcdonalds_forget_hash_browns_off_hacker/

Lee Munson, security researcher at Positive Technologies reacts: “McDonald’s decision to encrypt user passwords on the client is a strange one and its customers, especially those who reuse the same password on all of their accounts, are highly unlikely to be lovin’ it.

“That’s because it allows passwords to be decrypted relatively easily and the same key gives access to every users’ credentials.

“On top of that, the food chain’s decision to stick with an older version of Angular JS is also a strange one – new releases often arrive as much for reasons of security as they do for feature upgrades. By running an older version, McDonald’s is simply inviting a hacker to come along and find a handful of vulnerabilities.

“Lastly, the fact that the restaurant chain is also running an outdated version of Jboss would seem to highlight issues at the version control or, worse, security team, level.

“McDonald’s would do well to determine which it is before any longer-lasting or embarrassing damage is done.”