SINGAPORE — The Ministry of Defence (MINDEF) yesterday reassured the public that the personal information of those applying for National Day Parade (NDP) tickets online had not been compromised, although it acknowledged that the website’s security infrastructure could be improved.
Responding to media queries yesterday, Lieutenant-Colonel (LTC) Jason See, chairman in charge of ticketing, said: “We have reviewed our IT security infrastructure and would like to reassure Singaporeans that no personal information had been compromised. Nevertheless, the level of security can be further enhanced and we will do so.”
His comments came after a blog claimed that there were security flaws on the NDP website.
Technology blogger Lai Zit Seng, in a post entitled NDP Website An Embarrassment, wrote that personal data, such as NRIC numbers, could be compromised when Singaporeans and permanent residents submit their details for online balloting of the tickets.
He pointed to flaws such as the lack of Secure Sockets Layer (SSL) protocol in the ticket balloting sub-site. This lack of encryption means that the personal information applicants enter on the site — such as their full name, NRIC number and telephone number — could be stolen.
Said Mr Lai, an information technology architect at the National University of Singapore: “It’s almost a national embarrassment that a country with such advanced and developed infocommunications capabilities could not find someone better to showcase its most important national event on the Internet.”
LTC See said Singaporeans can still apply for tickets via the NDP website during its upgrading.
They can also submit their applications via AXS stations, self-service automated machines (SAMs) and short message service (SMS).