from the guilty-until-proven-innocent dept
Hadopi, the French agency set up to enforce France's three strikes and you're kicked off the internet policy, apparently isn't very good at securing their own website. Someone found a simple XSS vulnerability and set up a page where Hadopi was promoting the Pirate Bay with an integrated search.
Of course, lots of sites end up with XSS vulnerabilities. It's often tough to avoid them (and yes, we've been caught with them a few at times). But, the reason why this is especially ironic is that part of Hadopi's position is that if you fail to secure your internet access point, you're still liable for the actions of users on that access point. Thus, it's not a stretch to argue that Hadopi is, by its own rules, liable for any infringement that may have occurred via its own site, right? Perhaps Hadopi should kick itself off the internet.