Posts Tagged: unsecured state

Another GOV.UK XSS Flaw

Her Majesty’s Inspectorate of Constabulary (HMIC) are the police who police the police. As the Police policers you'd expect their website to be copper-bottomed. That they would detect anything amiss when inspecting their thin blue links. Mind you, some web developers are a law unto themselves. Yeah, yeah, these puns are unbearable. Fine. Whatever. As... Read more »

Secure The Police!

Imagine, just for a moment, you suspect that a friend of yours is a criminal. Perhaps they are running an illegal proxy, or hosting a search engine, or maybe criticising a dangerous cult, or even taking suspicious photographs. These are all - apparently - within the remit of The City Of London Police. Better report... Read more »

Reactions to The Unsecured State

It has been an intense few months digging through the security failings of the UK Government’s websites and trying to responsibly disclose them. It culminated with a week of blog posts exposing the vulnerabilities - and an award-winning hackathon project. So what has been the reaction? The Good: Privately, I've been contacted by people... Read more »

The Unsecured State Part 5 - Abandoned Inquiries

This is part 5 of a series of blog posts looking at the security of the UK Government's web infrastructure. The primary cause of the vulnerabilities I've exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from... Read more »

The Unsecured State Part 4 - UK Government Websites Spewing Spam

This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running... Read more »

The Unsecured State Part 3 - 2,000+ NHS Security Vulnerabilities (Disclosed)

This is part 3 of a series of blog posts looking at the security of the UK Government's web infrastructure. Britain's National Health Service is riddled with old and insecure WordPress-based websites. Many of these sites have severe flaws including being vulnerable to XSS attacks. There is absolutely no suggestion that patient data or confidentiality... Read more »

The Unsecured State Part 1 - UK Parliament XSS Flaw (Disclosed & Fixed)

This is part 1 of a series of blog posts looking at the security of the UK Government's web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people.... Read more »