BBC HOMEPAGE | NEWS | WORLD SERVICE | SPORT | MY BBC low graphics | help
news vote 2001search vote 2001
 You are in: Vote2001
VOTE2001 
Main Issues 
Features 
Crucial Seats 
Key People 
Parties 
Results &  Constituencies 
Opinion Polls 
Online 1000 
Virtual Vote 
Talking Point 
Forum 
AudioVideo 
Programmes 
Voting System 
Local Elections 
Nations 

N Ireland 
Scotland 
Wales 

BBC News

BBC Sport

BBC Weather
Thursday, 17 May, 2001, 13:07 GMT
Conservative website 'open to attack'
Conservatives.com website
The conservative.com website: security shortcomings?
By BBC News Online technology correspondent Mark Ward

The woeful security of the Conservative Party website has been exposed by an anonymous computer cracker.

The UK expert says that the conservatives.com website has been failing to take even the most basic security precautions.

He warns that in the run-up to the election anyone who wanted to embarrass the Conservative Party could do so by defacing the site.

The websites run for Michael Portillo, Ann Widdecombe and the Labour Party are almost as easy to compromise, he says.

Security shortcomings

Earlier this week a British cracker who uses the nickname "killingtime" posted comments to the alt.hacker Usenet newsgroup which said that the conservatives.com website has, in his words, "laughable security".

In the message killingtime said he was prompted to probe the security of the conservatives.com site after being incensed by a Tory election broadcast.

He found that the site is lacking most of the patch programs from the past 12 months that would prevent people attacking it via well-known vulnerabilities.

"Any file on this NT box is browsable. That means anyone can download the registry, databases, private files - *anything* - using just a web browser," he wrote in his Usenet message.

Ann Widdecombe canvassing support
The website of Ann Widdecombe may also be vulnerable
On his own website, killingtime goes into more detail about the vulnerabilities and says that widely available hacking tools could be used to exploit the security holes and give a cracker access to the site.

Many net veterans prefer to use the term "cracker" rather than "hacker" to refer to anyone who breaks into sites or computer systems.

Killingtime also issued a warning to the Conservative Party and said: "It is only a matter of time before their web site is defaced."

A technical consultant advising the Conservative Party on the running of its website said killingtime was right that, for some time, the site has been lacking files that would keep it secure.

The missing security patches were applied "within minutes" of the Party finding out it was vulnerable, he said.

The spokesman denied that any system files or files containing confidential information were ever at risk. "Reports that the site is unhardened are simply untrue," he said.

Vulnerabilities

Many malicious hackers and crackers have exploited vulnerabilities in website software to plant programs that harvest information about those using the site or are used to launch remote attacks on other sites.

More recently, killingtime subjected the websites of Michael Portillo, Ann Widdecombe and the Labour Party to the same scrutiny as conservatives.com. While most are not as wide open to attack as the Conservative site, all of them have failed to block well-known vulnerabilities that a determined cracker could exploit.

The comments posted by killingtime were picked up and first publicised by technology news site The Register.

 A/V CONSOLE
BBC RADIO NEWS
BBC ONE TV NEWS

Latest stories

Prescott fracas

Our correspondents

AUDIO/VIDEO

TALKING POINT
PARTY WEB LINKS



The BBC is not responsible for the content of external internet sites


Related stories:

24 Aug 00 |  Sci/Tech
'Trojans' open online accounts
06 Sep 99 |  e-cyclopedia
Cracking: Hackers turn nasty

Internet links:


The BBC is not responsible for the content of external internet sites
©BBC