Security researcher flags up embarrassing security flaw on IPSO website

Security researcher Terence Eden tried to warn IPSO of the flaw on its website, but his warnings were ignored, to the organisation's misfortune.

An embarrassing security flaw on the Independent Press Standards Organisation website has been exposed, with the homepage shown defaced with a pig head.

The basic security flaw allows anyone to deface the site by simply entering arbitrary code into the search box on the recently formed Independent Press Standards Organisation (IPSO) site.

It was initially exposed by security researcher Terence Eden, who attempted to flag up the vulnerability to IPSO; however, he claims his warning messages were ignored. He then defaced the website’s homepage with a pig head and additional text saying “Defacing IPSO is too easy” and shared the example with WIRED.

WIRED said it disclosed the flaw to IPSO, which responded by saying it was taking "immediate steps to secure the site".

A lack of basic coding on the website has opened it up to cross-site scripting, also known as XSS, which allows pictures and text to be inserted onto the site. While the flaw does not allow data to be extracted, it leaves open the possibility of hackers being able to insert a page which could display a password entry form that would expose users’ passwords and other private information.
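The class of flaw described above, as an added example that is not IPSO's code: a search page that echoes the query into its HTML, shown unencoded and then with output encoding, plus a check a test suite can run. The function names, the page layout (a heading and a pre-filled input) and the sample inputs are assumptions constructed for illustration.

```javascript
// Hypothetical search-results template; not taken from the IPSO site.

// Encode the characters that let text break out of HTML element or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the query is concatenated straight into the markup,
// so any tags it contains are parsed by the browser as part of the page.
function renderSearchVulnerable(query) {
  return `<h1>Search results for: ${query}</h1>` +
         `<input name="q" value="${query}">`;
}

// Hardened form: the query is encoded once, at the point of output,
// and is safe in both the element body and the quoted attribute.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Search results for: ${q}</h1>` +
         `<input name="q" value="${q}">`;
}

// Regression check: does a probe containing markup survive into the page verbatim?
function reflectsMarkup(render, probe) {
  return /[<>"']/.test(probe) && render(probe).includes(probe);
}

// Constructed sample inputs: an inserted picture, an attribute breakout, plain text.
const SAMPLES = [
  '<img src="pig.png" alt="defaced">',
  '"><b>Defacing is too easy</b>',
  'press complaints & rulings',
];

// Returns one row per sample showing which renderer reflects raw markup.
function audit() {
  return SAMPLES.map((s) => ({
    input: s,
    vulnerable: reflectsMarkup(renderSearchVulnerable, s),
    safe: reflectsMarkup(renderSearchSafe, s),
  }));
}

console.table(audit());
```

Encoding at output is the primary fix; a Content-Security-Policy header is a useful second layer but does not replace it.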

The latest security breach adds to a string of embarrassing security issues affecting government and other official websites. In March last year Eden disclosed a similar flaw on, and more than 2,000 websites run by the NHS.
