|HOMEPAGE | NEWS | WORLD SERVICE | SPORT | MY BBC||low graphics | help|
|You are in: Vote2001|
Thursday, 17 May, 2001, 13:07 GMT
Conservative website 'open to attack'
By BBC News Online technology correspondent Mark Ward
The woeful security of the Conservative Party website has been exposed by an anonymous computer cracker.
The UK expert says that the conservatives.com website has been failing to take even the most basic security precautions.
He warns that in the run-up to the election anyone who wanted to embarrass the Conservative Party could do so by defacing the site.
The websites run for Michael Portillo, Ann Widdecombe and the Labour Party are almost as easy to compromise, he says.
Earlier this week a British cracker who uses the nickname "killingtime" posted comments to the alt.hacker Usenet newsgroup which said that the conservatives.com website has, in his words, "laughable security".
In the message killingtime said he was prompted to probe the security of the conservatives.com site after being incensed by a Tory election broadcast.
He found that the site is lacking most of the patch programs from the past 12 months that would prevent people attacking it via well-known vulnerabilities.
"Any file on this NT box is browsable. That means anyone can download the registry, databases, private files - *anything* - using just a web browser," he wrote in his Usenet message.
Many net veterans prefer to use the term "cracker" rather than "hacker" to refer to anyone who breaks into sites or computer systems.
Killingtime also issued a warning to the Conservative Party and said: "It is only a matter of time before their web site is defaced."
A technical consultant advising the Conservative Party on the running of its website said killingtime was right that, for some time, the site has been lacking files that would keep it secure.
The missing security patches were applied "within minutes" of the Party finding out it was vulnerable, he said.
The spokesman denied that any system files or files containing confidential information were ever at risk. "Reports that the site is unhardened are simply untrue," he said.
Many malicious hackers and crackers have exploited vulnerabilities in website software to plant programs that harvest information about those using the site or are used to launch remote attacks on other sites.
More recently, killingtime subjected the websites of Michael Portillo, Ann Widdecombe and the Labour Party to the same scrutiny as conservatives.com. While most are not as wide open to attack as the Conservative site, all of them have failed to block well-known vulnerabilities that a determined cracker could exploit.
The comments posted by killingtime were picked up and first publicised by technology news site The Register.
24 Aug 00 | Sci/Tech
'Trojans' open online accounts
31 Jan 01 | Sci/Tech
Major net security holes identified
06 Sep 99 | e-cyclopedia
Cracking: Hackers turn nasty
02 May 01 | Sci/Tech
Microsoft warns of 'serious' software hole
18 Apr 01 | UK
New force to tackle cybercrime
The BBC is not responsible for the content of external internet sites
|^^ Back to top
VOTE2001 | Main Issues| Features | Crucial Seats | Key People | Parties | Results & Constituencies | Candidates | Opinion Polls | Online 1000 | Virtual Vote | Talking Point | Forum | AudioVideo | Programmes | Voting System | Local Elections
Nations: N Ireland | Scotland | Wales
To BBC News>> | To BBC Sport>> | To BBC Weather>>