Software firm’s director thought name using HTML would be ‘fun and playful’
…
The original name of the company was ““><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD”. By beginning the name with a quotation mark and chevron, any site which failed to properly handle the HTML code would have mistakenly thought the company name was blank, and then loaded and executed a script from the site XSS Hunter, which helps developers find cross-site scripting errors.
That script would have simply put up a harmless alert – but it serves as proof that a malicious attacker could instead have used the same weakness as a gateway to more damaging ends.
Similar names have been registered in the past, such as “; DROP TABLE “COMPANIES”;– LTD”, a wry attempt to carry out an attack known as SQL injection, inspired by a famous XKCD webcomic, but this was the first such name to have prompted a response. Companies House has retroactively removed the original name from its data feeds, and all documentation referring to its original moniker now reads simply “Company name available on request”.
….