×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

False Start For Cyber Security Challenge UK

timothy posted more than 3 years ago | from the wee-oopsie dept.

Bug 18

An anonymous reader writes "Netcraft writes about an ironic 'false start' for the Cyber Security Challenge UK website. The new venture touts itself as 'a programme of national challenges, designed by experts, to identify and nurture the UK's future cyber security workforce.' Unfortunately, the website appears to be vulnerable to a basic cross-site scripting vulnerability which was easily found by some Twitter users."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

18 comments

Sigh (2, Insightful)

bbqsrc (1441981) | more than 3 years ago | (#32054964)

Of the four paragraphs in the article, there's one entirely about how the toolbar run by the website will protect you from XSS, and hardly goes into detail about anything amusing at all. It's not even that good of an XSS hole... simply boring.

Re:Sigh (1, Funny)

Anonymous Coward | more than 3 years ago | (#32055024)

Netcraft is dying! Someone commenting about it as if they didn't know it confirms it!

UK (-1, Flamebait)

Weezul (52464) | more than 3 years ago | (#32055022)

I don't see how this is a "false start", given they haven't even announced targets yet. I'd view this as just the typical competence level with the UK applies across the board, finance, engineering, cooking, etc. You know, there is a reason the UK is about the only country to ever feel threatened enough about their educational standing that they rigged a world wide survey of universities, well China might do this internally.

citation : The Times of Higher Education observed that U.K. universities had more foreign students and faculty because people speak English all over the world, but the U.S. universities are god awful expensive, and well no foreigners would bother seeking an education in India or Australia. So they created a nice little "World University Ranking" that places almost half the value on the presence of foreign students and faculty while largely ignoring usual measures like student and faculty achievements. For example, France's Ecole Polytechnique was ranked around the level of the University of Manchester for Engineering, while actually even Oxford doesn't hold a candle to EP in engineering.

Re:UK (4, Informative)

jcupitt65 (68879) | more than 3 years ago | (#32055122)

So they created a nice little "World University Ranking" that places almost half the value on the presence of foreign students and faculty while largely ignoring usual measures like student and faculty achievements.

No they didn't, please check your facts.

The ranking weights are:

  • Peer Review Score (40%)
  • Recruiter Review (10%)
  • International Faculty Score (5%)
  • International Students Score (5%)
  • Faculty/Student Score (20%)
  • Citations/Faculty Score (20%).

http://en.wikipedia.org/wiki/Times_Higher_Education_World_University_Rankings [wikipedia.org]

You're right that the THES ranking has been criticised. You'll note that they will be using a new methodology for this autumn's table.

Re:UK (0, Flamebait)

Weezul (52464) | more than 3 years ago | (#32055544)

Oops, yes, I'd forgotten exactly what they did wrong, but nevertheless everyone outside the UK basically agrees these rankings are self aggrandizing bullshit.

A more honest ranking was done by Shanghai Jiao Tong University [wikipedia.org] . In fact, the Shanghai rankings are still extremely based towards English speaking universities, although less blatantly biased towards British institutions. In all seriousness, the University of Sheffield simply does not belong in the top 100 for any world university rankings. lol

Re:UK (0)

Anonymous Coward | more than 3 years ago | (#32056806)

Just get over it, you froggy cunt.

Re:UK (1)

jcupitt65 (68879) | more than 3 years ago | (#32057060)

They don't have much credibility in the UK either, hehe. The university I work at is apparently in the world's top ten, which is rather o.O.

Re:UK (0)

Anonymous Coward | more than 3 years ago | (#32108580)

LOL, Though I am unsure of the statistics, I do know that a large percentage of students at Australian Universities are not from Australia. For instance in my degree, there's about a 50/50 split, though sometimes it seems far more skewed towards foreigners.

In fact, when I was studying at another institution and working closely with the faculty, they were becoming extremely worried about the increasing exchange rate, because this would decrease the amount of foreigners who could afford it, and would drastically impair their revenue.

It's not just a slight impairment either, since Australian students have government loans, and pay low fees, compared with foreign students, who also have to pay for accommodation, and food.

Either way, you've obviously got no idea.

Here's some numbers:
http://www.idp.com/research/statistics/international_student_numbers.aspx

Couldn't easily find the Australian numbers, nor a breakdown per what they are studying.

Donkeys seeking to recruit lions (5, Insightful)

Rogerborg (306625) | more than 3 years ago | (#32055076)

Well, I guess if they had competent IT people, they wouldn't be looking to hire any. Seems pretty axiomatic.

Re:Donkeys seeking to recruit lions (1)

BeerCat (685972) | more than 3 years ago | (#32056132)

Perhaps the website is the first part of the recruitment process -
"if you can hack this, then we could offer you a job as a white hat" Or something like

There are none (3, Insightful)

h00manist (800926) | more than 3 years ago | (#32055292)

There are no competent people, no secure or quality products, and no certain outcomes. Get over it and get to work trying to get whatever result you want, or to drinking beer. Either way, everything will end up somewhere. Try not to do it with guns, and nobody will die, that way you can try again.

You're being too "absolute" & this shows other (0)

Anonymous Coward | more than 3 years ago | (#32070560)

"There are no competent people, no secure or quality products, and no certain outcomes. Get over it and get to work trying to get whatever result you want" - by h00manist (800926) on Saturday May 01, @08:03AM (#32055292)

This seems to show otherwise, and it is about the closing portion of that quote of your words above: Getting to work and trying to get the result you want (an "impervious to attack" based OS):

----

HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662 [tcmagazine.com]

----
http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60 [theplanet.com]

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

----

(Those results are only a SMALL SAMPLING TOO, mind you - I can produce more such results, upon request, from other users & sites online)

HOWEVER - There's ONLY 1 WEAKNESS TO IT:

Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online & anyone can verify that much, simply by visiting a security-oriented website, such as SECUNIA.COM or SECURITYFOCUS.COM & see their stats on that much (like 90% or better being caused by javascript misuses)), OR, what they download for example... King's Joker above tends to "2nd that motion" (& there is NOTHING I can do about that! Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature").

That's the point where educating users has to "step in", to finish off & "seal the deal"... even a person like Kings Joker above, who does not follow that guide "to the letter" and yet, he has drastically reduced his infestation rate to nearly nothing compared to what it was before he used a HOSTS file only, which allows the simplest principle in the world to take effect of "you can't get burned if you don't go into the kitchen" (I used him as my "lab rat #1" in fact, because of his radical infection rates, and that's how/why he gets infested sometimes is because he uses javascript indiscriminately/everywhere he does online, and he also downloads executable files from 'less than reputable sources' and execute them, these points are his 'downfall' typically - write him yourself at -> walburgerj@yahoo.com, and preceed the subject-line with my initials "APK", and he will answer back. Then, he can fill you in directly if you wish on this much).

Best part is, he runs Windows 2000, oem release, no service packs or hotfixes either... only a HOSTS file, and yet he has reduced his infestation rate to only 1% of what he used to get.

If Kings Joker were to apply all of what's in the security-hardening guide for windows, he'd probably get the type of results that THRONKA's testimonial above yields (i.e.-> 3++ years of solid uninfested uptime - because I've had that same kind of result, albeit for nearly 13++ yrs. now here (that's why I put that guide out, for the same benefit, for others too).

APK

P.S.=> Every operating system out there can be improved on the security hardening front, in other words, and once it's done (and users are educated as to where the potential threats come from)? You can see a small sampling of the results possible, above - and yes, EVEN ON WINDOWS... apk

YOU FaIL IT!? (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32055960)

in eternity...Romeo had become like [amazIngkreskin.com]

Comments (1)

maswaaq13 (1803118) | more than 3 years ago | (#32070684)

I like your information I have never read like this. You information not only interesting but mean full for me and other peoples who visit your site. But unfortunately I did not write any more due to my study about mcp [mcpexam.net] because I want to update me in IT field and make me better and better. I did not spend all time at my study, also give time on music, sports and internet browsing for find out more and more great full and latest information. But i like to join you group and happy that i am a part of your group via make an account on your site and reply to your post. Have a nice day!
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...