The Register® — Biting the hand that feeds IT

Another police website hacked

Conrad Longmore

Not the only site.. 

Unhappy

It's not the only site compromised at the moment.. I've identified nearly 30 local and national government sites recently hit by SQL injection attacks.

http://www.dynamoo.com/blog/2008/06/uk-goverment-sites-hit-by-sql-injection.html

Highlander

Extreme thought crimes? 

Joke

Perhaps some malcontent hacker has decided to seed Home Office and Police computers with potentially illegal anime and other extreme porn. Probably a library of some of the less tasteful anime pics featuring suspiciously youthful looking career girls with a taste for frilly clothing and a compulsion to investigate incidents involving be-tentacled beasts from another plane of existence.

Possibly they're proactively uploading publicly available documents in a pre-emptive strike. Just in case the Home Office decides that other documents such as the Bible, the Torah or the Koran are suddenly in contravention of one or more public order or obscenity laws.

Hey, stranger things have happened. Perhaps they're filling the computers with pictures of Optimus Prime in case of an anti-Transformer jihad?

Anonymous Coward

Shock, Gasp.. nope.. sorry.. not surprised 

Unhappy

West Yorkshire Police had until October last year open wifi access to their building on Westgate / Grace Street Leeds (might still be open, haven't looked recently). A simple look through the window meant you could see all their Domain Controllers. Beyond that I did not look.

Horrifying really.

Graham Marsden

Are you re-assured? 

Stop

Nope, I'm not surprised either.

Of course I won't be surprised when someone in the Government starts demanding that "Something must be done!" and starts another ill-judged crusade against "hacking tools" or some other nonsense.

Alacrity Fitzhugh

SQL Injection 

Pirate

Since everyone is using CMSes, these days, and poorly-written ones, at that, this has become a powerful vector. I'm flabbergasted by how few people know how to use mysql_real_escape_string().

The dark side of MySQL/PostgreSQL...

Alacrity Fitzhugh

Where Your Data Lives 

Unhappy

I know many people that prefer to use the phone or mail to make transactions/applications.

They do this because "The Internets have Leaky Tubes."

The problem is that the organization that receives your info then puts it on their server, which has a tube plugged straight into the Internets via an old Linksys router.

Nick

Proof that.. 

Paris Hilton

... the Rozzers (or their contractors) don't or can't practice what they preach. They're not technology experts (although they are expected to investigate and prosecute technology crimes) so it should be unsurprising when things go wrong.

Paris, because I prefer her hot fuzz.

iamzippy

hak4y0u? 

Thumb Up

Borat da H4x0r Muppet more like! That UBend site is a screaming spoof. Hope it stays up, I bookmarked it.

Anonymous Coward

@Alacrity 

Alert

"The dark side of MySQL/PostgreSQL..."

Injection attacks aren't limited to those products or the interpreter either.

Gareth Pye

Isn't this good news? 

IT Angle

"The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained."

That is the type of statement that gives me confidence, that is good sound administration.

Anonymous Coward

Am I re-assured? Oh yes! 

Dead Vulture

"This was a hack that effectively “skimmed the surface” of the website, without connecting with any deeper database functionality."

So they're implying that if it had connected to the databases, it might have revealed personal information on the public?

Implying that sensitive databases are accessible by their web server?

That wouldn't surprise me, we the public should have a right to sue the government under the DPA for each and every screw up they make with our personal information.

It's time the British public stop bending over and taking it up the a**e from this pathetic excuse of a government.

The vulture, because that's what this country will become if something isn't done.

Mark

"without connecting with any deeper database functionality" 

But when you use your webapp to view your database entries, how do you know that the webapp is reporting what is in the database?

If the webapp isn't needed for reading the database, why is it there? Contractor pork?

Ian McNee

I'm so glad the Home Office takes IT security so seriously... 

Thumb Up

Quote: 'The Home Office bods “take information very seriously”. This incident will now be included in a review of the security of its websites, undertaken by the Independent Reviewer of Information Assurance, and due to report back in Spring 2009.'

Must be a very thorough review, already in progress and continuing until Spring 2009. And after it reports it will take no more than (let's be optimistic) three months to fully implement all of the excellent security recommendations. I'm so relieved that leaves such a tiny window of opportunity of about ***ONE WHOLE F*CKING YEAR*** for assorted miscreants to hack the Home Office and pinch our personal data, etc.!

Yep, I'd give up all my personal biometric data to these people. And I'd trust them to not abuse detention without trial. And I'm sure they wouldn't dream of using evidence obtained by torture from people kidnapped by the CIA and taken to Afghanistan, Morocco, <insert name of country lacking in human rights here>.

/end rant

Anonymous Coward

Oh dear! 

I actually live in Bedfordshire and can testify beyond a shadow of a doubt that the police force don't have a clue how to catch a real criminal, let alone work out how or who committed this jocular offence. Mulder and Scully would be the best people to call in.

Sorry guys and girls of Bedfordshire's finest, but in my eyes you're just community support officers (sorry, ex traffic wardens) not REAL police.

Tony

@AC 

Unhappy

quote "Sorry guys and girls of Bedfordshire's finest, but in my eyes you're just community support officers (sorry, ex traffic wardens) not REAL police." /quote

And they're different from any other UK police force how exactly !!

Andrew Culpeck

To Gareth Pye 

Happy

I think you are right that the site's separation from other information has proven a wise move.

Personally I can't wait for all my personal and biometric data to be online so anyone can see it and we can stop relying on it to prove my identity.

Anonymous Coward

The Hacker's Site.. (translated) 

Thumb Up

I have been researching on Arfaoui FirAs .. the hacker of the Bedfordshire police site.. and now found his website.. The website was originally in Arabic, therefore I have used Google's free translator, here is the link: http://www.google.com/translate?u=http%3A%2F%2Fwww.xtobi.ektob.com%2F&hl=en&ie=UTF8&sl=ar&tl=en

I think the details given may be misleading though, as reports say he is living in the U.S.

I have posted anonymously just because of that. The hacker may not want people looking at his personal information.

Wayland Sothcott

Doublethink 

"..when the technological explanation appears and we are assured that whilst the website was hacked, no-one could possibly have wormed their way through to anything more sensitive, there is a credibility gap. One of the biggest obstacles to data centralisation is public confidence. This destroys it."

Yes it destroys public confidence, but would that actually be an obstacle to implementing ID cards? Surely the more sites that get hacked the more we need ID cards and scanning. The more DVDs with biometric data they lose the more we need ID cards. The public will be completely convinced we don't want ID cards and the government will be even more convinced we actually want them.