Royal Mail cybersecurity still a bit of a mess, infosec bods claim

After spending almost a year cleaning up after various security snafus, the UK's Royal Mail had an open redirect flaw on one of its sites, according to infosec types. We're told this vulnerability potentially exposes customers to malware infections and phishing attacks. Open redirects essentially allow attackers to use a …

  1. Neil Barnes Silver badge
    Flame

    Unsurprised that RM can't sort out its security...

    It still seems to find it impossible to liaise with its global partners such that letters posted first class in the UK in September have still not arrived at their destination in Germany.

    Given that they're obviously concentrating so hard on their primary function, little unimportant things like security are going to be way down the 'to do' list.

    1. Anonymous Coward

      Re: Unsurprised that RM can't sort out its security...

      If you really only posted it with a 1st class stamp, it's hardly surprising it wasn't delivered. International mail rates are much higher. I regularly post stuff to France and it gets there OK. Tracking shows that most of the delays are after it gets to La Poste.

      Agreed, though, that RM is useless at most cyber-related stuff.

    2. Anonymous Coward

      Re: Unsurprised that RM can't sort out its security...

      It's difficult to say how much is due to the Royal Mail and how much is due to the sender still having not come to terms with customs declarations.

      Yes GB businesses, you really do have to fill the declaration in correctly, include an invoice (PDF copy also sent to customer via e-mail so they can fill in their customs declaration before it enters their country), and use a tracking number (also sent to the customer via e-mail before it enters their country). Putting the address on it and hoping for the best isn't good enough. I mean it's only been nearly three years now...

      1. Korev Silver badge
        Joke

        Re: Unsurprised that RM can't sort out its security...

        > I mean it's only been nearly three years now..

        But we've taken back control of our Blue Passports*

        * Made in Poland naturally

  2. garwhale

    450K fine is too little

    For allowing data from 200K users to be stolen via a known vulnerability, the fine should be 2 million, plus 1000 per user in compensation. If the business viability is not impacted, the board will just accept it as incidental expenses.

    1. MrGreen

      Re: 450K fine is too little

      450k is a bargain for them. This is why they don’t spend any money. Cheaper to do nothing.

      Unequivocal proof they don’t care about your data.

  3. Anonymous Coward

    Royal Smurf smurfly smurfs a smurf, saysmurf infosec smurfs

    ALSO: most smurfers are MOVEit smurfs, NY radiology smurf fined for not smurfing kit, and some smurfy vulnerabilities.

    INFOSEC in SMURF: After smurfing almost a smurf cleaning up after various security smurfs, the UK's Royal Smurf has left an open smurf flaw on one of its smurfs, according to infosec smurfs. We're told this vulnerability potentially exposes smurfs to smurfs infections and smurfing smurfs.

  4. Mike 137 Silver badge

    Or ....

    "We've repeatedly informed the company about the flaw, and the site in question has been down for months now, indicating that Royal Mail is working to mitigate the issue or has already done so [...]"

    Maybe their "solution" was just to pull the site (officially referred to in risk parlance as 'termination'). It really shouldn't take months to fix an open redirect on a web page, should it?
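    For readers wondering what "fixing an open redirect" actually involves, here is a small defensive example added to this thread; it is not code from Royal Mail or from The Register's article. The hostnames, the `ALLOWED_HOSTS` set and the `safe_redirect_target` function are all constructed for illustration. The idea is the standard mitigation: never send the browser to a user-supplied `?next=` value as-is; resolve it against your own origin and only redirect if the resulting host is on an allow-list, falling back to a safe default otherwise.

```python
from urllib.parse import urljoin, urlsplit

# Hosts the application is allowed to redirect to (constructed example values).
ALLOWED_HOSTS = {"www.example-mail.test", "track.example-mail.test"}
SITE_ORIGIN = "https://www.example-mail.test"
DEFAULT_TARGET = "/"


def safe_redirect_target(raw: str) -> str:
    """Return a redirect target on an allowed host, or DEFAULT_TARGET.

    Mitigation for open redirects: instead of trusting the raw ?next= value,
    resolve it against the site origin and check the resulting host against
    an allow-list. The usual validator-bypass shapes (protocol-relative
    '//other.host', backslash '/\\other.host', userinfo 'ours@other.host',
    non-http schemes, look-alike suffix domains) all end up with a host that
    is not on the list, or with a scheme that is not http(s), and are rejected.
    """
    if not raw:
        return DEFAULT_TARGET

    # Browsers treat backslashes as forward slashes in URLs; normalise first so
    # the value is parsed the way a browser would parse it.
    candidate = raw.strip().replace("\\", "/")

    # Resolve relative paths against our own origin ('/account' -> full URL).
    # Absolute URLs and protocol-relative URLs keep their own host here.
    resolved = urljoin(SITE_ORIGIN + "/", candidate)
    parts = urlsplit(resolved)

    # Only plain web schemes may be redirected to.
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET

    # parts.hostname strips userinfo and port, so a netloc such as
    # 'www.example-mail.test@other.host' yields 'other.host' and is rejected.
    # Exact-match comparison also rejects 'www.example-mail.test.other.host'.
    host = parts.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return DEFAULT_TARGET

    return resolved


if __name__ == "__main__":
    for value in ("/account", "//other.host/x", "https://track.example-mail.test/parcel?id=1"):
        print(f"{value!r:50} -> {safe_redirect_target(value)}")
```

The important design choice is comparing the parsed hostname against an exact allow-list rather than checking whether the string "starts with" or "contains" the site's domain; the latter is what typically leaves sites with an open redirect that looks fixed but is not.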
