G4S Africa supports small business development thr... » The latest product in the G4S Deposita range is a smart safe system called mini-pay that holds up to... Commissioner's statement following incident in Man... » This is an utterly appalling attack. My thoughts are with the people of Manchester as they try to co... UPDATE: Policing events in the Capital » Following the horrific terrorist attack in Manchester last night, in which 22 people were killed and... Statement from Assistant Commissioner » Statement from Assistant Commissioner Mark Rowley, Head of National Counter Terrorism Policing: The... Met intensifies policing activities in London fol... » The Metropolitan Police Service (MPS) has increased police numbers and operations across the Capital... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » Please visit also: www.scorpionnewscorp.com SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treat... Home Secretary’s statement on the Manchester attac... » I know that some people will only just be waking up to the news of the horrific attacks in Mancheste... Checkpoint Systems unveils Bug Tag 2 loss preventi... » Checkpoint Systems has announced the launch of Bug Tag 2 – an innovative loss prevention solution th... Edesix launches new head and torso mounted body wo... » Edesix has announced the launch of new head and torso mounted cameras. The X-100 is a side-mounta... Banknote Watch offers essential advice as old £5 i... » As of Friday 5th May 2017, the paper £5 note was officially withdrawn from circulation and no lo...

CLICK HERE TO

SOCIAL BOOKMARK

Talking Point Banner

McDonald’s website is insecure and could lead to passwords being stolen, according to Dutch software engineer Tijme Gommers. More information: http://www.theregister.co.uk/2017/01/16/xssive_thick_mistake_sees_mcdonalds_forget_hash_browns_off_hacker/

Lee Munson, security researcher at Positive Technologies reacts: “McDonald’s decision to encrypt user passwords on the client is a strange one and its customers, especially those who reuse the same password on all of their accounts, are highly unlikely to be lovin’ it.

“That’s because it allows passwords to be decrypted relatively easily and the same key gives access to every users’ credentials.

“On top of that, the food chain’s decision to stick with an older version of Angular JS is also a strange one – new releases often arrive as much for reasons of security as they do for feature upgrades. By running an older version, McDonald’s is simply inviting a hacker to come along and find a handful of vulnerabilities.

“Lastly, the fact that the restaurant chain is also running an outdated version of Jboss would seem to highlight issues at the version control or, worse, security team, level.

“McDonald’s would do well to determine which it is before any longer-lasting or embarrassing damage is done.”