There are several dead links and sql injection vulnerabilities on the company's website.
I can appreciate that it takes time and tact to deal with all the clients, something he is hopefully doing, but not even doing some basic work on your own corporate site is hard to understand.
There are also exploits in the Frontpage module his web server is running according to online databases.
Does this company have its own "cms" system? Is that why the error is so pervasive?
From what he says about his business under "About Us" the owner has a solid background of over 10 years in the broadcast industry as a radio personality.
My assumption is that he owns the business, and has owned it for a long time. He probably has very rudimentary HTML skills and can open his tool of choice, DreamWeaver, on a good day.
From what he says, I think he outsources pretty much anything more than writing plain HTML. So he might be trying to deal with one or more contractors that he has hired for different sites. That probably makes it difficult for him to roll out any changes / patches in a timely manner. He is probably trying to get his / one of his contractors to do it for free, since he has discovered it's broken.
I think the appropriate action is for Owen Smart to take a step back. Take a deep breath. Realize that he is in a shitstorm now since the story hit HN.
He needs to reach out to and reassure his clients. He might want some help from a PR person here to make sure he presents well. Make them see that he is competent and taking action.
Hire in a developer with a strong background in security to review the code base(s) for additional problems, and come up with an immediate mitigation plan, and work out a longer term plan to deal with the issues identified.
Make sure to follow up with the clients about target dates for fixing their sites.
He may also have to add a section on his corporate page, with some help from a PR person, and give his version of events in the best, least confrontational manner, and again say that he has the resources and the plan for addressing the issues that have been raised. Some BS about thanking the people who helped him find the issues, and reassuring future clients that this will no longer pose any problems.
Happiness all around.