Labour's website may be open to hackers

[William Knowles <wk () C4I ORG>]

http://www.independent.co.uk/news/Digital/Update/2000-09/labour100900.shtml

By Clayton Hirst
10 September 2000

The Labour Party's website is in serious danger of being hacked into,
and sensitive information could be stolen from it, an internet
accreditation company will claim this week.

Clicksure will on Thursday publish an audit of the site identifying 12
major flaws which could lead to a damaging breach. Most worrying is
that the site collects credit card details and personal information in
an "insecure environment".

Phil Hendey, Clicksure's director of marketing, said: "Any site which
collects credit card and personal information should be done securely.
Labour's site is open to abuse and the information could be hacked."

Mr Hendey warned that its shortfalls make Labour's site as vulnerable
to hacking as PowerGen's site, which was breached last month.

The news will worry thousands of Labour supporters who have joined the
party and made donations online.

Last month the Department for Trade & Industry launched TrustUK, a
government-backed hallmark for internet sites. Clicksure criticised
the hallmark when it was launched, but Mr Hendey said that if Labour's
site met these minimum standards it would be a "vast improvement".

He said: "Given that Labour supports TrustUK and claims to be
promoting internet use in the UK, you would have thought that it would
have got its own shop window in order."

Clicksure is also critical of Labour's site for not displaying terms
and conditions for the use of the site, having no commitment to
privacy and for not stating whether personal information is being
collected.

However, it's not just Labour's website which Clicksure has
criticised. It has identified nine problems with both the Conservative
and the Liberal Democrat sites. However, both sites offer a secure
environment to submit credit card details.

Clicksure's audit also examined Al Gore's site. In stark contrast to
the UK sites, Clicksure gives a glowing report of the US presidential
candidate's internet offering.

Mr Hendey said that Gore2000.com fell down on just one point and
otherwise it matches all Clicksure's exacting standards.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".