UK citizens' portal exposes edit kit interface
HTML undergarments of Direct.gov.uk aired in public
Posted in Security, 4th June 2008 10:49 GMT
Watch Now : Virtual Machine Movement with Hyper-V
Coding errors left the edit kit interface on the UK government's citizens' portal visible last week.
Hmmm. Excuse me but your HTML is showing
Although the interface of Direct.gov.uk was visible, a faux pas akin to exposing the site's undergarments to public view, more serious mischief wasn't possible. The interface didn't have write permissions to the website, security experts at UK-based penetration testing consultancy SecureTest confirmed.
Reg reader Phil stumbled on the page while passing time waiting for a Java update and looking at which UK health and government sites disallowed indexing by Google. "I'm not sure that's something I should be able to see. I didn't play with it much after seeing that, and wouldn't have known what to do if I had, but when a .gov.uk page says something like that, I can't help but wonder if someone who actually knows what they're doing might be able to cause some mischief," he explained.
As it happens the slip-up was minor - since it wasn't possible to post anything from the interface - but nonetheless surprising. The webmasters of Direct.gov.uk have since tucked in their undies pulled the page from public view. ®
Send corrections
IT infrastructure monitoring strategies
The new Office Garage series:
Data control in the cloud
Top 10 SIEM implementer’s checklist
