Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Hacker exposes 'embarrassing' weakness in Met’s online security

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Apr 2014 07:41:06 +0000 (UTC)
http://www.telegraph.co.uk/technology/internet-security/10753180/Hacker-exposes-embarrassing-weakness-in-Mets-online-security.html

By Theo Merz
The Telegraph
10 Apr 2014
A computer security expert took less than two minutes to exploit an "embarrassing" flaw in the Metropolitan Police’s website, which he claims could have left computer users vulnerable to malicious attacks.
Ilia Kolochenko, a consultant who is employed by companies to find weaknesses in their systems, said it took just 90 seconds to find a vulnerability which allowed him to create a fake page under the Met’s domain name.
A malicious hacker could have exploited this to create a page asking members of the public for personal information, or one injecting malware, which would have been impossible to distinguish from a genuine police link.
"I couldn’t access the Met's police database, but I could very easily create a new link for the site," the 27-year-old said. 


[...]


--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
Previous By Date Next
Previous By Thread Next

Current thread: