In the post, he pointed out several flaws in the NDP 2014 website, covering security and privacy, design and layout, and HTML coding.
The chief concern among the flaws was that the NDP ticket-balloting microsite did not use the Secure Sockets Layer (SSL) protocol to encrypt the communications between users and the microsite.
SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
When applying to ballot for tickets on the microsite, personal information such as your full name, IC and telephone number is transmitted to the microsite without encryption. Zit Seng demonstrated this on his website.
Hackers would still need to do some work to break into the NDP microsite, but with personal data sent unencrypted, it is much easier for that information to be stolen. In the words of Zit Seng, "your personal data is being sent in plaintext, unencrypted for anyone in-between to see, across the Internet to a Content Delivery Network? What is wrong with the people behind the NDP website?"
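A site owner can check for this class of flaw before launch. The following is an added example, not code from Zit Seng's post or the NDP site: it parses a page's HTML and reports every form whose data would be submitted to a non-HTTPS URL. The page URL, form targets and field names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample input: URLs and field names are illustrative only.
PAGE_URL = "http://ballot.example.test/apply"
SAMPLE_HTML = """
<form method="post" action="http://cdn.example.test/submit">
  <input type="text" name="full_name">
  <input type="text" name="ic_number">
  <input type="tel" name="telephone">
  <input type="submit" value="Ballot">
</form>
<form method="post" action="https://secure.example.test/feedback"><input name="comment"></form>
<form method="get"><input type="text" name="q"></form>
"""

class FormAuditor(HTMLParser):
    """Records each form's resolved submission URL and its named data fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self.current = None  # form being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self.current = {"target": target, "fields": []}
            self.forms.append(self.current)
        elif tag in ("input", "select", "textarea") and self.current is not None:
            if a.get("name") and a.get("type") not in ("submit", "button", "reset"):
                self.current["fields"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def plaintext_forms(page_url, html):
    """Return forms carrying data fields whose target is not an https:// URL."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    return [f for f in auditor.forms
            if f["fields"] and urlparse(f["target"]).scheme != "https"]

if __name__ == "__main__":
    for form in plaintext_forms(PAGE_URL, SAMPLE_HTML):
        print("sent unencrypted:", form["target"], form["fields"])
```

A form that posts to HTTPS from a page loaded over HTTP is not flagged here, although the page itself can still be altered in transit, so the page URL should be checked as well.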
Zit Seng goes on to give a detailed critique of the design as well as the HTML coding of the website. He noted that the website had 176 errors according to W3C’s Markup Validation Service.
The last attempt by hacktivist group Anonymous saw them acquiring outdated personal data of some public servants in February. With that in our not-so-distant memories, one hopes that the NDP committee will seriously look to beef up its IT security.