May 26, 2022

Uk News today – Up to date News, NHS, Health, Sport, Science


Deloitte’s ‘Evaluate your Hacker IQ’ site fails itself after exposing database user name, password in config file


Updated: A website produced for international consultancy Deloitte to quiz people on their knowledge of hacking techniques has proven itself vulnerable to hacking.

The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within that file, in cleartext, are the username and password for the site’s MySQL database.

The website invites visitors to “Evaluate Your Hacker IQ” by entering a username. It then poses a series of multiple-choice questions about techniques hackers use to obtain corporate information. The test does not cover the possibility of publicly exposed passwords.

The mistake was spotted on Wednesday by Tillie Kottmann, a Switzerland-based IT consultant and developer who uses the handle deletescape. The website was taken down on Wednesday.

hey @Deloitte, just what is my hacker IQ now? pic.twitter.com/Bqv25kdDsU

— Tillie Kottmann (@antiproprietary) November 4, 2020

Kottmann in August released leaked Intel technical materials along with SonarQube source code.

The deloittehackeriq.com domain was registered by Tank Design, a Massachusetts-based digital marketing firm, in 2015, and the site carries a 2015 Deloitte Advancement LLC copyright notice.

Kottmann told The Register that the last commit to its .git repo was in 2017 and said it’s not clear how actively the site is being used. The site was first recorded by the Internet Archive’s Wayback Machine in 2018.

Further compounding the vulnerability of the website, the quiz is hosted on Ubuntu Linux 14.04, which stopped receiving security patches in April last year and is possibly susceptible to 11 known flaws.

Kottmann said, “Maybe it deserves pointing out that a great deal of websites, including some other bigger corporations, have .git [repositories] exposed on various domains.”
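The two failures the article describes, a cleartext database password in a web-reachable YAML config file and a .git directory sitting under the web root, are both catchable before a site is deployed. The following is an added example written for this page, not code from the article, from Deloitte, Tank Design or Kottmann: a small Python pre-deploy audit that walks a web root for exposed repository metadata and cleartext credential keys, paired with a loader that only accepts credentials through ${ENV_VAR} references. The file names, config keys and sample values are constructed for the demonstration; the `key: value` parsing covers only the YAML subset shown, so no PyYAML dependency is needed.

```python
import os
import re
import tempfile

# Constructed list of file names and suffixes that usually hold deployment
# configuration and should never be reachable from a web root.
CONFIG_NAMES = {"config.yml", "config.yaml", "database.yml", ".env"}
CONFIG_SUFFIXES = {".yml", ".yaml", ".env"}

# `key: value` lines whose key names a credential.
SECRET_KEY_RE = re.compile(r"^\s*(password|passwd|secret|api_key|token)\s*:\s*(.*?)\s*$", re.I)

# Values of the form ${VAR}: the real secret lives in the environment.
ENV_REF_RE = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")


def is_placeholder(value):
    """True for empty values or values that defer to the environment, e.g. ${DB_PASSWORD}."""
    return value in {"", "''", '""'} or value.startswith("${")


def find_exposed_secrets(webroot):
    """Walk a deploy tree and report git metadata and cleartext credentials that
    a web server would hand to anyone who guesses the path."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        if ".git" in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, ".git"), webroot).replace(os.sep, "/")
            findings.append((rel, "git repository exposed under web root"))
            dirnames.remove(".git")  # prune: its contents need no further inspection
        for name in filenames:
            if name not in CONFIG_NAMES and os.path.splitext(name)[1] not in CONFIG_SUFFIXES:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    m = SECRET_KEY_RE.match(line)
                    if m and not is_placeholder(m.group(2)):
                        findings.append((rel, f"cleartext '{m.group(1).lower()}' value at line {lineno}"))
    return sorted(findings)


def load_db_credentials(config_text, environ=os.environ):
    """Read user/password/host from a minimal `key: value` config. Secrets must be
    ${VAR} references resolved from the environment; a cleartext password in the
    file is rejected outright so the process refuses to start with it."""
    creds = {}
    for line in config_text.splitlines():
        m = re.match(r"^\s*(user|password|host)\s*:\s*(.*?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        ref = ENV_REF_RE.match(value)
        if ref:
            var = ref.group(1)
            if var not in environ:
                raise KeyError(f"{var} is referenced by '{key}' but not set in the environment")
            value = environ[var]
        elif key == "password":
            raise ValueError("refusing to use a cleartext password from the config file")
        creds[key] = value
    return creds


def build_sample_webroot():
    """Create a throwaway tree that mirrors the article's mistakes (constructed data)."""
    root = tempfile.mkdtemp(prefix="hackeriq-audit-")
    os.makedirs(os.path.join(root, ".git"))
    with open(os.path.join(root, ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/master\n")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html><body>Evaluate Your Hacker IQ</body></html>\n")
    # Cleartext credentials: this is what the audit must flag.
    with open(os.path.join(root, "config.yml"), "w") as fh:
        fh.write("database:\n  user: quizapp\n  password: hunter2-constructed\n")
    # Template that defers the secret to the environment: acceptable.
    with open(os.path.join(root, "config.example.yml"), "w") as fh:
        fh.write("database:\n  user: quizapp\n  password: ${DB_PASSWORD}\n")
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    for path, problem in find_exposed_secrets(root):
        print(f"{path}: {problem}")
    print(load_db_credentials("user: quizapp\npassword: ${DB_PASSWORD}\n", {"DB_PASSWORD": "from-env"}))
```

Run against the constructed tree, the audit reports the .git directory and the cleartext password on line 3 of config.yml while leaving the ${DB_PASSWORD} template alone; wiring `find_exposed_secrets` into a CI step that fails the build on any finding is the cheapest way to keep this class of mistake off a production host, and the web server should still be configured to deny those paths as a second layer.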

The Register asked Deloitte and Tank Design to comment, but we’ve not heard back. ®

Updated to add

In a statement sent to The Register after this story was published, a representative for Deloitte distanced the firm from the now-removed hacking quiz website.

“We know of an incident that involved unapproved access to an interactive game/website which was developed for a cybersecurity event in 2015,” the company representative stated.

The website has not been actively used since 2015 and has now been taken down.
