X
Tech
Home Tech Security

Litchfield: ID database ethical, not technical problem

David Litchfield, who has in the past dramatically exposed various vulnerabilities in Oracle, has told ZDNet UK at the Black Hat security conference in Amsterdam that the UK ID data base is an ethical, not technical problem."The problems aren't technical, but ethical -- in terms of privacy.
Written by Tom Espiner, Contributor

David Litchfield, who has in the past dramatically exposed various vulnerabilities in Oracle, has told ZDNet UK at the Black Hat security conference in Amsterdam that the UK ID data base is an ethical, not technical problem.

"The problems aren't technical, but ethical -- in terms of privacy. But they don't have a technical problem -- the databases can be secured as needs be."

Researchers from Ernst and Young may be able to challenge this. Billy K. Rios and Raghav Dube, senior security researchers, are currently working on methods to use compromised web browsers to access sensitive company management consoles -- and they're working on a method to circumvent those consoles to access a back-end database. The scary thing is, using a web session slips the hacker in right underneath any encryption and firewall.

Litchfield said that the threat from insiders to government databases was also great.

"They shouldn't have a database open to abuse by privileged users," said Litchfield.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

Placeholder product image alt text

The best AI image generators to try right now

Microsoft Copilot

The best AI chatbots: ChatGPT isn't the only one worth trying