Security researcher flags up embarrassing security flaw on IPSO website

Security researcher Terence Eden tried to warn IPSO of the flaw on its website, but his warnings were ignored, to the organisation's misfortune.

An embarrassing security flaw on the Independent Press Standards Organisation website has been exposed, with the homepage shown defaced with a pig head.

The basic security flaw allows anyone to deface the site by simply entering arbitrary code into the search box on the recently formed Independent Press Standards Organisation (IPSO) site.

It was initially exposed by security researcher Terence Eden, who attempted to flag up the vulnerability to IPSO; however, he claims his warning messages were ignored. He then defaced the website’s homepage with a pig head and additional text saying “Defacing IPSO is too easy” and shared the example with WIRED.

WIRED said it disclosed the flaw to IPSO, which responded by saying it was taking "immediate steps to secure the site".

A lack of basic coding on the website has opened it up to cross-site scripting, also known as XSS, which allows pictures and text to be inserted onto the site. While the flaw does not allow data to be extracted, it leaves open the possibility of hackers being able to insert a page which could display a password entry form that would expose users’ passwords and other private information.
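The flaw described above, shown as an added example that is not code from the IPSO site or from this article: a search page that echoes the visitor's term unencoded, beside the corrected version that HTML-encodes it before output. The `q` parameter name, the page template and the image file name are assumptions, and the sample input is constructed.

```python
import html
from urllib.parse import parse_qs

# Constructed sample input: markup typed into a search box, URL-encoded.
# "pig.png" is a placeholder file name; "q" is an assumed parameter name.
SAMPLE_QUERY_STRING = (
    "q=%3Cimg+src%3D%22pig.png%22%3E%3Ch1%3EDefacing+IPSO+is+too+easy%3C%2Fh1%3E"
)

# Hypothetical results template; {term} is where the search text is echoed.
PAGE = "<html><body><h2>Search results for: {term}</h2><p>No results.</p></body></html>"


def search_term(query_string: str) -> str:
    """Extract and URL-decode the search text from the query string."""
    return parse_qs(query_string).get("q", [""])[0]


def render_unsafe(query_string: str) -> str:
    """Flawed pattern: the visitor's text is pasted into the HTML as-is."""
    return PAGE.format(term=search_term(query_string))


def render_safe(query_string: str) -> str:
    """Corrected pattern: encode the text for the HTML context before output."""
    return PAGE.format(term=html.escape(search_term(query_string), quote=True))


def response_headers() -> dict:
    """Defence in depth: restrict where scripts and other resources may load from."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def contains_live_markup(page: str, term: str) -> bool:
    """True if a term containing angle brackets appears unencoded in the page."""
    return any(c in term for c in "<>") and term in page


if __name__ == "__main__":
    term = search_term(SAMPLE_QUERY_STRING)
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        page = render(SAMPLE_QUERY_STRING)
        print(f"{name}: live markup in page = {contains_live_markup(page, term)}")
        print(page)
```

The `contains_live_markup` check can double as a regression test: submit a marker containing angle brackets to each page that echoes input and fail the build if it comes back unencoded.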

The latest security breach adds to a string of embarrassing security issues affecting government and other official websites. In March last year Eden disclosed a similar flaw on parliament.uk, education.gov.uk and more than 2,000 websites run by the NHS.
