Hackers embarrassed the European Commission last week by identifying two security holes in SaferInternet.org, a commission-sponsored website promoting a safer internet.
One of the holes allowed the hackers to get administrator privileges on the server, a security expert who requested anonymity told the IDG News Service. The other leak involved an email distribution list that was left unsecured, allowing anyone to retrieve the names and email addresses of the people on the list.
"We are investigating the leaks and will report to the European Commission," says Tara Morris, project manager for the SaferInternet.org website, declining to detail how far the hackers were able to penetrate the server. Morris did say about 600 people subscribe to the email list in question.
Morris didn't specify the security flaw in the email distribution list, but did say the other hole was linked to a known vulnerability in Microsoft's Index Server, which runs on Microsoft's Internet Information Server (IIS) software widely used to run websites.
Morris works for Ecotec Research and Consulting, the firm contracted by the European Commission, the European Union's executive body, to maintain the website.
SaferInternet.org, which isn't targeted at the general public but designed to function as a hub for awareness-raising organisations such as the Internet Watch Foundation and the United Nations Children's Fund (UNICEF), was officially launched about two weeks ago. The site is part of a broad European Commission campaign to make the internet safer for citizens and businesses. SaferInternet.org specifically is meant to help eradicate illegal and harmful internet content, Morris says.
The news of the security flaws is extra spicy as the commission said last week that it had started work on an anti-hacking law in an effort to raise the level of online security in the European Union. The commission also plans to fight computer viruses, is preparing a publicity campaign, and will help to strengthen cooperation between national computer emergency response teams.
Security issues like the one the European Commission had to deal with are damaging to an organisation, says one expert.
"Exploiting these types of vulnerabilities can result in a loss of confidentiality and integrity. If unauthorised persons were to gain access to a password file, they could steal, add, delete or modify important records or system accounts," says Dan Morrison, a partner in risk consulting with integrated services firm Andersen in Ottawa.