When GOVUK is NSFW

by @edent | # # # | Read ~445 times.

I don’t particularly like picking on the security of Government websites. I do it a lot – but I always feel guilty about besmirching the good name of the many talented people who work in the Civil Service. Today’s flaw, however, is a particularly basic mistake which simply shouldn’t be allowed to happen by any…

Continue reading →

A Complete List of Every UK Government Domain Name

by @edent | # # # | 5 comments | Read ~823 times.

Would you like to know every domain name the UK Government had registered? Of course you would! There could be all sorts of interesting tit-bits hidden in there (ProtectAndSurvive.gov.uk? EbolaOutbreak2017.nhs.uk? MinistryOfTruth.police.uk?) Rather than relying on Freedom of Information requests, or Open Data, we can go straight to the source of domain names – the DNS!…

Continue reading →

How I Got The UK Government To Adopt ODF

by @edent | # # # | 1 comment | Read ~750 times.

Well, it’s not often I get to completely influence the UK Government’s approach to open standard. GOV.UK is adopting .ODF as their official document standard! All documentation will be also made available in HTML & PDF. Sweet! Yeah, yeah, so I only played a small part in the (no doubt) hideously complicated process – but…

Continue reading →

The Unsecured State Part 5 – Abandoned Inquiries

by @edent | # # # # | 6 comments | Read ~1,521 times.

This is part 5 of a series of blog posts looking at the security of the UK Government’s web infrastructure. The primary cause of the vulnerabilities I’ve exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from…

Continue reading →

The Unsecured State Part 4 – UK Government Websites Spewing Spam

by @edent | # # # # # | 5 comments | Read ~5,099 times.

This is part 4 of a series of blog posts looking at the security of the UK Government’s web infrastructure. Over the last few days, I’ve shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running…

Continue reading →

Should GOV.UK Run A Bug Bounty?

by @edent | # # # | 2 comments | Read ~1,904 times.

Cyber Security is of vital national importance. As the United Kingdom places more of its infrastructure onto the Internet, bugs and glitches go from minor inconveniences to full scale national emergencies. Suppose, for a moment, that a hacker were to interrupt payment processing for banks, or tamper with the UK’s water supply, or cut off…

Continue reading →