Slashdot Mirror

← Back to Stories (view on slashdot.org)

MI5 Website Breached By Hacker

Posted by CmdrTaco on from the because-they-can dept.

Jack Spine writes "UK intelligence agency MI5 has admitted that its website security was breached by hacker group Team Elite. A member of the hacker forum posted details of the hack last week, which took advantage of a cross-site scripting vulnerability in the site's Google embedded search. MI5 admitted the breach on Wednesday, but said that the flaw had not been exploited maliciously."

2 of 71 comments (clear)

  1. Re:A bit misleading ... by Anonymous Coward · · Score: 3, Insightful

    If you can inject javascript on a remote page like this, then you can steal their session data and login as them. That sounds pretty serious to me.

    more so when you consider the fact that there is no login form on their entire website. if these hackers can exploit something that doesn't exist, they're truly the cream of the crop. what's next? sql injection on static html?

  2. Someone is missing the point by meist3r · · Score: 2, Insightful

    Fort Knox announced today that someone broke in and took a dump on the Gold ... nothing was stolen though.