Companies have jokingly given themselves code-based names in the past (you can thank XKCD for that), but one of them was just forced to mend its ways. The Guardian reports that UK business registrar Companies House has forced a software consultant to change his company name after discovering that it could launch cross-site scripting attacks against vulnerable pages — yes, including Companies House. A site could have inadvertently compromised itself just by mentioning the company, which could be more than a little embarrassing for officials who greenlit the name.
The initial name, ““><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD,” risked confusing sites that didn’t handle the HTML formatting properly. They would think the company name was blank and run a script from the troubleshooting site XSS Hunter. It’s an innocuous script that would simply have put up a warning, but Companies House wasn’t willing to take any chances. The name might have “presented a security risk” to some sites, a spokesperson said.