Monday, December 24, 2007

Labour exposes youth credit card details?

Anybody heard of Young Labour? It's the youth wing of the Labour Party and recently they had a big push about the fact that you could join for just a quid (no peerage included). The interesting thing is that if you go to the section to join online they ask, as you'd expect, for your personal details. You might notice that the page does not get that little secure socket padlock showing that your connection to the server is not encrypted.

If they were just asking for your name perhaps this wouldn't be a big deal, but, unbelievably, they're asking for people's credit card details as well. What's more they even seem to be suggesting people fraudulently join up too as they say "The credit card holder must be the person joining, or someone from the joiner's household." The data is then sent in plain text to god knows where by a basis POST request.

Will they ever learn? If they can't even be bothered to protect their own membership what can we honestly expect of their ability to protect data in Government?

8 comments:

Anonymous said...

Perhaps they won't need security...until someone actually joins????????

Anonymous said...

Watching New Labour and IT is like watching a kid with nitric and sulphuric acids and glycerine trying to make explosives. He likes fireworks and the explosions on films and this is more or less the way to go about it, but there's just a little more to it than meets the eye. He can see the fun, but can't see the hideous dangers.

Any Questions Friday 21 Dec edition, was a really scary listen. Michael Wills Minister of State for Data Protection was defending the ID card scheme on the grounds that they were trying to protect us all.

Yes, yes, you may intend to do that but recent events show that you don't know what you are doing, even at a basic level, and no one trusts you anyway. I don't really care if you blow yourself to bits with foolhardy experiments, but I don't really see why the rest of us have to be put to pointless risks, just because you fancy yourself as an explosives chemist.

Anonymous said...

Well, they can't get their money from the grown-up's any more, so they've resorted to youthful dunces.

Anonymous said...

Good post, Mr D! Perhaps they are not expecting anyone to join them? Merry Chrsitmas. Justin

dreamingspire said...

The joining process appears to have been pulled - 'Join' and 'Join for £1' just refresh their Home page http://www.labour.org.uk/younglabour/

flashgordonnz said...

dreamingspire's right. I thought it was me with an overseas ISP, or maybe my email address of "clunking_fist@yahoo.com".

Unknown said...

--- THIS BLOG THINGY SHOULD BE CLOSED... THE WEBSITE HAS NOW INTRODUCED ENCRYPTION ---

dizzy said...

There's a a datestamp for the post. And, have you considered the possibility that this post made them put encryption on?