The responsibility of being a programmer

lisa Lisa, 8th February 2014

Visitors to the NHS website on Sunday evening were sent to an infected website.

I read an article on Wednesday about how visitors to the NHS website on Sunday evening found themselves being sent to web pages hosting malware or - at best - ads which the visitors didn't intend to visit when they clicked on various links on the site.

The issue was because a developer had accidentally put an extra "s" in the domain googleapis.com. A naughty hacker (although, to be fair I suppose they didn't actually hack anything) noticed this and registered the mis-typed domain, and filled it with nastyness. The itproportal.com report makes it sound as if basically this guy saw the domain was being referenced, so registered the domain and put a site on it.

Of course people would have assumed the NHS had been hacked and someone had updated their links to go to nasty spam, so in a way they were probably relieved that it was a tiny mistake that was easily rectified, and that their security hadn't been breached. It was a routine security check which notified them of Sunday evening's issue on Monday morning, so it's great that their checks were proactive and picked it up.

But I feel for the poor developer who made the typo! How many people do the odd typo in their work? But how often does a typo actually lead to goodness knows how many people potentially having their private passwords and data pillaged from their home PCs?! I guess, it's the sort of domain that you would have thought he would have needed to have tested - if he was trying to use Google's APIs and got the domain wrong then whatever he was using for APIs for wouldn't have worked. But I don't know enough of the details to know if it was easily noticeable that the link was wrong or if the poor guy was just very unlucky!


More from our blog

18a win Netty 2024 award for Activibees.com

18a win Netty 2024 award for Activibees.com

29.02.24

We are delighted to announce that 18a has been recognised for its outstanding work in the "Web Design Agency of the Year - UK" category at… Read →

Generating an Effective Content Security Policy with your Laravel React App

Generating an Effective Content Security Policy with your Laravel React App

27.02.24

I recently had an interesting problem to solve. I'd built a brand new author website on a shiny installation of Laravel 10, utilising its out-of-the-box… Read →

If your WordPress website looks broken, it could be because of this.

If your WordPress website looks broken, it could be because of this.

15.02.24

WordPress is the incredibly popular blogging-come-full-website platform that powers over 835 million websites* in 2024. It's functionality is extended by plugins, and one such very… Read →