[ISN] Hacker exposes ’embarrassing’ weakness in Met’s online security

http://www.telegraph.co.uk/technology/internet-security/10753180/Hacker-exposes-embarrassing-weakness-in-Mets-online-security.html By Theo Merz The Telegraph 10 Apr 2014 A computer security expert took less than two minutes to exploit an “embarrassing” flaw in the Metropolitan Police’s website, which he claims could have left computer users vulnerable to malicious attacks. Ilia Kolochenko, a consultant who is employed by companies to find weaknesses in their systems, said it took just 90 seconds to find a vulnerability which allowed him to create a fake page under the Met’s domain name. A malicious hacker could have exploited this to create a page asking members of the public for personal information, or one injecting malware, which would have been impossible to distinguish from a genuine police link. “I couldn’t access the Met’s police database, but I could very easily create a new link for the site,” the 27-year-old said. […]