cross-site

A 1-post collection

Queen Mary University of London Job Site "Hacked"

At the weekend I was sent a link by a colleague to the jobs' site of Queen Mary University (job site here) as they wanted my advice on a position. I recommended the position but suggested using an alternative method of submitting an application, the site really does not utilise standard security practises (e.g. mixed content over HTTPS, account enumeration, password policy etc). Nothing surprised me about the website, until I tried to click on a URL located within the job listing, it automatically directed me to the following: The first thought that went through my mind was "oh boy, have I got malware on my machine?!", I went back to the listing and tried clicking the link, it...