Private Eye - Not As Clever As They Think They Are


Private Eye is the only "Dead Tree" publication I buy. I think its satire misses the mark more often than not - but its investigative journalism and general muck-raking are second to none.

The Eye has reluctantly been drawn into the digital age. It has a piss-poor website run by the sort of "tired and emotional" gnomes who struggle with concepts like sanitising user input.

EXCLUSIVE

Push this button to see the Eye's new owner...

Meet Our New Owner!
Private Eye is delighted to announce that it has been acquired by News Corp.
New proprietor Rupert Murdoch said
This is a great day for British Journalism. With the Eye`s fearless reputation and News Corps` financial prowess, we can give worldwide exposure to the light of truth and justice.

Effective immediately, editor Ian Hislop will be replaced by Piers Morgan.


Private Eye demonstrating XSS

If that's a decent website, then I'm a banana!

Note: After much persuasion, Private Eye fixed this problem by... errr... Turning off their search functionality completely!

Private Eye spends a lot of time criticising the people working within the Internet Industries. Perhaps they should spend less time examining the mote in others' eyes - and rather more time on the branch in their own?

I did call Lord Gnome's offices several months ago to report the error. The flack who took my call was a "jolly hockey-sticks" type who struggled to turn on her computer and navigate to her employer's website. I've not mentioned her by name - because I'm not a total bastard - but given Ian Hislop's apparent distaste for employing women, there's only a small pool from which to choose.

Ian - perhaps the reason your website is so atrocious is that you piss all over the sort of people who could actually help you. You've run exposés on public- and private-sector websites being vulnerable, so why don't you stop being such a hypocrite and fix your own site?


This flaw was responsibly disclosed to Private Eye and their web team in March 2014. I discussed it with them again in early September to highlight the flaw.



2 thoughts on “Private Eye - Not As Clever As They Think They Are”

  1. Jon R says:

    You seem to have accidentally written "sanitising user input" where I am sure you of course meant to write "properly handling data and correctly encoding output".
