EC Safer Internet Exchange proved unsafe

The European Commission was left even more red faced after its Safer Internet Exchange suffered its second embarrassment in one week.

Last Friday, anonymous hackers pointed out two IIS 4 security holes present in the saferinternet.org server which the European Commission claimed to have patched immediately.

But then on Tuesday night, the site was defaced by unidentified attackers who left a database containing members' email addresses exposed.

Following the attack, a security expert labelled the "internet security specialist's" defences as "laughable".

The hackers left the following message: "This is our world! We are god and we make the rulezzzzz. Happy finding us! The Netherlands is tha place!"

But most worrying was that hackers posted a link to a database containing 475 email addresses of members of the Safer Internet.

Paul Rogers, network security analyst at MIS, said either the hackers gained enough control to move the database to a web visible area, or it was there in the first place. Should the latter be true, he labelled the administrator as "incompetent".

"In any case, it is clear a firm security policy was not followed," he said. "It's laughable that this organisation claims to be a specialist in security - the server wasn't properly hardened at all."

Rogers said that a number of necessary patches had not been installed, and he confirmed that as of yesterday morning a number of ports that should not be publicly accessible were still open.

"How can these people claim to promote a safer internet when they can't keep their own site secure?" he asked.

The site was launched only last month by the European Commission as part of a campaign to make the internet safer.

Ironically, the Commission has also just announced an anti-hacking law to increase the levels of security on European sites.