Security boffin blasts caretakers of Alan Turing’s legacy
The Bletchley Park Trust has promised that a website revamp due in January will address security concerns highlighted by a security expert on Sunday.
Paul Moore slammed the site, which was home of the WWII Enigma codebreakers, for all manner of security shortcomings including emailing password resets and vulnerabilities to the well-known DROWN security flaw.
Moore further faulted Bletchley Park for a cross-site scripting flaw in a password field on its site.
It’s fair to say that we are dealing with a national heritage/museum website, rather than a bank.
But it’s not unreasonable to suggest that those behind the site should be setting an example for similar businesses, in honour of the heroic security legacy they celebrate.
A techie who created the original site expressed embarrassment about its latest woes. “I was @bletchleypark’s 1st webmaster back in the ’90s, but that was a long time ago so don’t blame me,” said Jeffrey Goldberg on Twitter.
In a statement, a representative of the Bletchley Park Trust acknowledged the website’s security shortcomings before stating that a more secure version is due to debut in the new year.
We were looking into this but we are aware the current website is not ideal and that we are working on a new website which is due to launch in January and this should address any current issues.
Bletchley Park website fail
Sponsored: Customer Identity and Access Management