'Basic errors' leave UK government websites vulnerable to hackers
Security analysts have uncovered a number of ‘basic errors’ buries in the code of some of the UK government’s key websites, leaving them vulnerable to attack from hackers it has been claimed.
The Telegraph reports that a programmer has uncovered loopholes in the coding of the flagship UK parliament website; including one (since closed) which allowed browsers to enter computer code on an internal search engine to obtain images, video and password requests.
Commenting on the lapse computer security expert Terence Eden wrote: “The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people.
“That's why it's so depressing to see such a basic error as this XSS flaw in their search engine.”
Eden added: “… bad guys can still run pretty convincing adverts, or direct people to install malware, or a whole host of other nasty things. Because the domain is parliament.uk it carries with it a significant level of trust.”
Authorities were alerted to the bug on 7 February and put a fix in place on the 11 February but it is not believed that any hackers exploited the error.