Friday, 27 November 2009

Watch those links...

UPDATE 04/12 - No reponses from any of the potential miscreants....I'll have to name them soon.

Had an interesting tip off yesterday. One of our competitors, a household name, sends out emails similar to our monitor emails.

The problem is that they include links to take you back to the website to buy documents but the links are insecure and allow anyone with access to those links to use, change details or even delete the account belonging to the person who they sent the link to.

Sent in the format of the url and a unqiue identifier, for example :

http:/bigbrandcreditcompany/something/alerts/id=KJHJGHGKJHSFGJHF this link passes anyone to the clients user account without any requirement to know the password.

Worse still, note the http:// part of the url. Not being https:// this string will be held in proxy servers around the world depending on where you view it from.

Technically, the string of letters at the end make it hard to guess these but it would not be impossible to attack this and try to delete any user account you get access to.

You have to hope, if you are a customer of this company, that this string is time limited. Otherwise that flaw is available for a very long time.

Sometimes, it helps to have developers who have a vested interest in making sure that your clients are safe and are almost OCD in their approach.

Like we do.

p.s. if you are bigcompanybrand and want to know if it's you, drop me a line and I'll give you the details.

Monday, 9 November 2009

Company Liquidations up 14.6%

There were 4,716 compulsory liquidations and creditors’ voluntary liquidations in total in England and Wales in the third quarter of 2009 (on a seasonally adjusted basis). This was a decrease of 4.7% on the previous quarter but an increase of 14.6% on the same period a year ago.

This was made up of 1,301 compulsory liquidations (which are down 9.8% on the previous quarter and down 12.9% on the corresponding quarter of the previous year), and 3,415 creditors voluntary liquidations (which are down 2.6% on the previous quarter but up 30.2% on the corresponding quarter of the previous year).

In the twelve months ending Q3 2009, approximately 1 in 114 active companies (or 0.9%) went into liquidation, which is up slightly on the previous quarter when the figure was approximately 1 in 120.

Additionally, there were 1,578 other corporate insolvencies in the third quarter of 2009 (not seasonally adjusted) comprising 410 receiverships, 974 administrations and 194 company voluntary arrangements. In total these represented an increase of 9.3% on the same period a year ago.