Koizumi Web site made visitors' data vulnerable to hackers

[InfoSec News <isn () c4i org>]

http://home.kyodo.co.jp/all/display.jsp?an=20020314004

2002/03/15 

TOKYO, March 13, Kyodo - The Internet site of Prime Minister Junichiro
Koizumi's office poses the danger that the personal data of visitors
to the site can be obtained by hackers, a Web security research
company said Wednesday.

The defect was found on the page called ''We Solicit Your Opinions,''
a segment of the site which is also the source of the e-mail magazine
of the prime minister, said Vagabond Co. based in Tokyo.

Vagabond alerted the prime minister's office of the presence of the
security problem Monday.

The prime minister's office suspended the operations of the page in
question on Wednesday, because the Vagabond warning took two days
before reaching the official in charge of the site, a cabinet official
said.

The prime minister's office is trying to fix the security defect and
eliminate the problem by Thursday morning.

The official said, ''It remains unknown whether personal information
of the people who visited this site was passed on'' to hackers. ''The
possibility is very low,'' the official said.

The official also denied suggestions that personal data of subscribers
to the premier's e-mail magazine might have been stolen by any hacker.

Government sources said the site -- until it was suspended -- posed
the danger that if a hacker had posted a special computer program for
stealing the personal data of visitors, it could have passed such data
on to the hacker.

This possibility of leakage of data to an unguarded Web site is known
as the vulnerability of cross-site scripting.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.