'Shoddy' software leaves major holes in NSA site

By on
'Shoddy' software leaves major holes in NSA site

Attackers could impersonate web traffic.

Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.

Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.

“Why are unreliable third parties creating the software that guards our national secrets?"

One of the vulnerabilities was in  the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.

Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition

Most Read Articles

Log In

  |  Forgot your password?