There is an article on the BBC about a security vulnerability found on the Child Exploitation and Online Protection Centre (CEOP) website. According to the BBC:
"A member of the public found a form on the Child Exploitation and Online Protection Centre's website - to report alleged offenders - was unencrypted.
Security experts have described the breach of data as a serious error which could have put children at risk.
...
There will now be a full investigation by the Information Commissioner's Office.
...
The unencrypted pages meant personal details entered on the site could have been visible to anyone with a sinister motive."
So it looks like the non-use of SSL on a website is a serious error which warrants a full invesitigation by the ICO. Granted the CEOP processes sensitive information.
What does all this mean? What about the gazillion other websites that children use and which don't force the use of SSL? Answers on a postcard......
Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot
No comments:
Post a Comment