False Start for Cyber Security Challenge?

Paul Mutton

30 April 2010


A cross-site scripting vulnerability has been uncovered on the Cyber Security Challenge UK website, before the site has even been made ready for candidates to register.

Ironically, the programme has been established by a management consortium of key figures in cyber security, and is designed to identify and nurture the UK's future cyber security workforce.

The simple coding error was demonstrated a short while ago by James Wheare. It is not clear whether this security vulnerability is part of the challenge, but we suspect not.

Mr Wheare told Netcraft that he was prompted to look for the hole after reading a friend's tweet, and noticed insufficient encoding in the page's <title> and <h2> tags.


main page ATTRITION feedback