UK citizens' portal exposes edit kit interface
HTML undergarments of Direct.gov.uk aired in public
Posted in Security, 4th June 2008 10:49 GMT
Free whitepaper – Transforming IT culture
Coding errors left the edit kit interface on the UK government's citizens' portal visible last week.
Hmmm. Excuse me but your HTML is showing
Although the interface of Direct.gov.uk was visible, a faux pas akin to exposing the site's undergarments to public view, more serious mischief wasn't possible. The interface didn't have write permissions to the website, security experts at UK-based penetration testing consultancy SecureTest confirmed.
Reg reader Phil stumbled on the page while passing time waiting for a Java update and looking at which UK health and government sites disallowed indexing by Google. "I'm not sure that's something I should be able to see. I didn't play with it much after seeing that, and wouldn't have known what to do if I had, but when a .gov.uk page says something like that, I can't help but wonder if someone who actually knows what they're doing might be able to cause some mischief," he explained.
As it happens the slip-up was minor - since it wasn't possible to post anything from the interface - but nonetheless surprising. The webmasters of Direct.gov.uk have since tucked in their undies pulled the page from public view. ®
The Register Guide to Extended Validation
The Evolving Security Landscape
The Impact of IT Security Attitudes
Risk and Resilience
Linux on the Desktop
