You are here: silicon.com > Software > Security Strategy

Security Strategy

MI5 plugs website flaw that left site open to hack attack

Beware the Iframe injection

Tags: website, mi5

Printer Friendly Email Story RSS

By Tom Espiner

Published: 30 July 2009 14:34 GMT

MI5 has closed up a flaw on its website that could have opened up visitors to malicious attacks, the UK intelligence agency said.

The website suffered a cross-site scripting vulnerability that could have allowed hackers to inject code into the site and redirect users to malicious pages, MI5 admitted on Wednesday.

However, the government service insisted the website had been secured quickly, and that at no time had any intelligence operatives been exposed by the hack.

Read this

A-Z of security

"MI5 takes security very seriously," the intelligence agency told silicon.com sister site ZDNet UK. "The website is secure and hosted in a high-security environment."

Last week, a hacker with the handle '[-TE-]-Neo' wrote that the MI5 website was vulnerable to cross-site scripting and Iframe injection. The hacker put the post on the Team Elite hacker forum last Tuesday, claiming the site was breachable through the search engine.

The MI5 site uses an embedded Google search engine, said an agency spokesperson, who also confirmed that the site had been vulnerable through the search tool. However, the website is hosted separately from MI5's back-end systems and is not connected to sensitive data, the spokesperson added.

Once MI5 was informed of the vulnerability, it took action to remedy the situation, said the spokesperson. The flaw was not maliciously exploited and had been limited to that search engine.

Original article: MI5 website breached by hacker from ZDNet UK

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

what next ? I would expect an amateur site knoc...
karen challinor

Click here to see all

Related Links

'Hack your own Oracle database' tool unveiled next week

ATM hack talk pulled from security conference

Facebook fights off another hack attack

Why you should hack your own systems

Passwords at risk from Firefox, IE flaw

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year


  • Jobs
SEO Campaign Manager

Optimisers, and Web Developers • Analyze customer Web sites and provide well-defined strategies for search engine improvement. Leverage skills ...

Software Architect Dublin

Keywords:Software architect senior software architect software engineer software developer web architect Dublin Java J2EE Microsoft .net C# web ...

Mid Weight Producer

Also ensure all appropriate stakeholders of the issues are informed and engaged to support resolution.Take responsibility for the development of the ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


ID card database: 500 names added in first month

Women in IT: Tech has an image problem

Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?

Users tell SAP: 'We need to talk more'




Quick Sitemap Links: