Thank you for the link to the news. And above every thing else, thank
you for your ethics and way you handed the problem. Good job.
Thanks. I strongly believe that journalists have a duty to the public in terms of security as well as reporting. As a member of the National Union of Journalists here in the UK I have signed up to a code of ethics which requires me to do the right thing as it were.
That breech is incredible. How did you find it? And what were you doing when you ran across it?
I get emails from people looking for help all the time, every now and then one such email is a real jaw dropper. That's what happened here, Sanjib, the Indian guy who discovered the security hole a year ago, emailed me to ask if I could do anything to help get the breach closed as it was still open a year after he reported it.
I had a quick chat with him, took some detail, and then proceeded to hack the Visa database myself to get the evidence required (and the screenshots which appeared on Channel 4 News) before contacting VFS Global, the UK Foreign and Commonwealth Office and the British High Commission in order to get the thing secured before publishing the story.
As soon as I was satisfied the breach was secure, and I tried hacking in again without success, I published the news here on DaniWeb and then got in touch with Channel 4 News. We worked together for a couple of days to produce the final report that appeared last night.
I love it when a plan comes together. The UK government has some serious answers to find, and it looks like they will have to find them in Parliament as I understand questions are to be raised there about how and why this was allowed to happen.
This has now been rectified I am happy to report. I get a full credit in the Channel 4 News website report, where the piece is still the lead story, and a link back to my website in the body text (which in turn links to DaniWeb.)
I notice that word is starting to filter out onto other news sites now, so all being well it should help to spread the word about DaniWeb and elevate our status as a seriously serious IT community...
The link to the news video report seems to be broken, have reported it to Channel 4 News. In the meantime, this one seems to work OK:
The Channel 4 News website has the story up, and the video of the report here.
We get a link, as the 'blog which carried the story' but rather predictably the way it has been reported turns it into a Channel 4 exclusive - I am relegated to 'an Internet journalist specialising in security' and don't even get a name check on the site. Oh well, to be honest I don't mind as I just wanted the story to get out there and the security breach publicised.
i just got time to check out the video. Hats off davey you did great job. Nice tattoo's by the way ;)
Did anybody see the daniweb page member blog in the video when they were taking a close up shot at the VFS Indian page?
Wow.. great report. I didn't even hear about that until I just now watched that video.. Dang Davey, you look like a bad-ass who could take someone down in a second! lol Nice tattoos btw.. And I think I can just make out a screen shot of daniweb from the right most black laptop, no?
"A 12 year-old building a web site.." haha.. (sorry if this is a little old..)