Her Majesty’s Inspectorate of Constabulary (HMIC) are the police who police the police.
As the Police policers you’d expect their website to be copper-bottomed. That they would detect anything amiss when inspecting their thin blue links. Mind you, some web developers are a law unto themselves.
Yeah, yeah, these puns are unbearable.
As I was responsibly disclosing the flaw, the HMIC team were busy moving to a shiny new website which is mercifully free of the problem.
If you’re running a website – especially a Government one – please take the time to understand the risks involved.
It only remains for me to ask the eternal question: quis custodiet ipsos custodes custos telam?
Read more about “The Unsecured State“, a series of blog posts examining security mishaps of UK Government websites.