The Unsecured State Part 3 – 2,000+ NHS Security Vulnerabilities (Disclosed)

by @edent | 8 comments | Read ~11,085 times.

This is part 3 of a series of blog posts looking at the security of the UK Government’s web infrastructure. Britain’s National Health Service is riddled with old and insecure WordPress-based websites. Many of these sites have severe flaws including being vulnerable to XSS attacks. There is absolutely no suggestion that patient data or confidentiality…


The Unsecured State Part 2 – EduBase XSS (Disclosed & Fixed)

by @edent | 6 comments | Read ~1,399 times.

This is part 2 of a series of blog posts looking at the security of the UK Government’s web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from XSS. This is not the…


The Unsecured State Part 1 – UK Parliament XSS Flaw (Disclosed & Fixed)

by @edent | 5 comments | Read ~1,598 times.

This is part 1 of a series of blog posts looking at the security of the UK Government’s web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what’s happening in the Commons and the Lords, and is run by some really clever people.…


Make Facebook (and other sites) Less Annoying Using CSS

by @edent | Read ~829 times.

I’m really late to the party on this one – so this blog post is mostly an aide-mémoire. The web is built on three fundamental components: HTML – the structure of the page. CSS – how the page is styled. JavaScript – the interactivity. Typically, the website owner sets up the CSS to say links…
