Identity and Passport Service fixes online weakness


Identity and Passport Service fixes online weakness

Warwick Ashford

The Identity and Passport Service (IPS) has fixed a security weakness in its online passport application progress checking service.

The flaw enabled a separated parent to discover the existence of a child's passport application by using the online service.

The incident was reported to the Information Commissioner's Office (ICO) last year, but made public only recently with the publication of the IPS annual report.

An IPS spokesman said, "Current procedure ensures that the person making the enquiry is now required to supply the unique application bar code reference number."

This number is given only to the parent submitting the application.

Bill Beverley, security technology sales manager at F5 Networks said the incident highlighted the fact that many online security floors are as a result of programming errors.

"Many sites are still constructed with usability and budgets as key considerations and neglect application level security, which would offer protection against such errors," he said.

This simple error could have been avoided, said Beverley, if there had been a security mandate in place to ensure application security best practices were enforced.

"Without further legislation enforced by the government, organisations will continue to overlook security and we could see more sensitive data exposed through neglect," he said.

The IPS annual report said it would continue to monitor and assess its information risks to identify and address any weaknesses.

Planned steps for the coming year included improving security communications and training, and improving incident reporting and incident management information.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy