Concept Business Systems Ltd have advised me that they have identified a system weakness, within the HMRC website, that might be exploited by hackers.
Seemingly the "vulnerability allows hackers to traverse directories on the server and include files which wouldn't ordinarily be available".
They go on to say:
"The sub-domain in this PoC (Proof of Concept) may not contain any information which puts tax-payers at risk. However, it may contain sensitive database information which could pose a significant security risk to everyone involved.
Either way, a hacker with virtually open-access to a supposedly secure system can only lead to further problems."
Any IT experts out there care to comment on this, eg how serious is this weakness?
Tax does have to be taxing.
HMRC Is Shite (www.hmrcisshite.com), also available via the domain www.hmrconline.com, is brought to you by www.kenfrost.com "The Living Brand"
It's akin to leaving your front door open and a list plus map of where all your valuables are - documents, plastic cards, car keys, cash, etc. - pinned to the wall.
ReplyDeleteLOL - So much for safe and secure. What a farce!
ReplyDelete@View From The Solent
That's a great analogy.
Are HMRC aware of this problem now?
ReplyDeleteHave you seen this one?
http://www.conceptbs.com/case-studies/security/general/81-capgemini-how-safe-is-our-information
Someone should ring the BBC or something