Coding errors left the edit kit interface on the UK government's citizens' portal visible last week.

Hmmm. Excuse me but your HTML is showing

Although the interface of Direct.gov.uk [1] was visible, a faux pas akin to exposing the site's undergarments to public view, more serious mischief wasn't possible. The interface didn't have write permissions to the website, security experts at UK-based penetration testing consultancy SecureTest confirmed.

Reg reader Phil stumbled on the page while passing time waiting for a Java update and looking at which UK health and government sites disallowed indexing by Google. "I'm not sure that's something I should be able to see. I didn't play with it much after seeing that, and wouldn't have known what to do if I had, but when a .gov.uk page says something like that, I can't help but wonder if someone who actually knows what they're doing might be able to cause some mischief," he explained.

As it happens the slip-up was minor - since it wasn't possible to post anything from the interface - but nonetheless surprising. The webmasters of Direct.gov.uk have since tucked in their undies pulled the page from public view. ®

Links

1. http://www.direct.gov.uk

Related stories

• Cybercrooks plant phishing scam on crime reduction website (3 June 2008)

  http://www.theregister.co.uk/2008/06/03/home_office_crime_reduction_hack/

• UK government websites out of control (29 April 2008)

  http://www.theregister.co.uk/2008/04/29/government_websites_uncontrolled/

• Digital cert glitch trips up UK passport site (9 January 2008)

  http://www.theregister.co.uk/2008/01/09/ips_site_cert_glitch/

• Watchdog criticises UK gov websites (30 November 2007)

  http://www.theregister.co.uk/2007/11/30/gov_websites_under_fire/

• Useless government IT adds self-nomination features (15 May 2007)

  http://www.theregister.co.uk/2007/05/15/new_statesman_awards/