Latest News

NAB's SecOps rethink focuses on data expert and dev hires

Bunnings turns agentic focus to trade and commercial customers

Anthropic alleges Alibaba illicitly extracted Claude AI model capabilities

US FCC toughens submarine communication cable rules

In Pictures: HPE & Microsoft IT infrastructure roundtable

'Shoddy' software leaves major holes in NSA site

By Dan Raywood

Jul 2 2013 7:30AM

Attackers could impersonate web traffic.

Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.

'Shoddy' software leaves major holes in NSA site

Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.

“Why are unreliable third parties creating the software that guards our national secrets?"

One of the vulnerabilities was in the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.

Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, UK edition

Tags:

nsa security vulnerabilities xss

Partner Content

Digital sovereignty is no longer optional - Agentic AI has made it fundamental

Promoted Content Digital sovereignty is no longer optional - Agentic AI has made it fundamental

Why resilient communications are becoming critical infrastructure for modern enterprise IT

Promoted Content Why resilient communications are becoming critical infrastructure for modern enterprise IT

You meet the security standard. Shame no one can see it

Promoted Content You meet the security standard. Shame no one can see it

The hidden economics of AI: Why token usage matters more than you think

Partner Content The hidden economics of AI: Why token usage matters more than you think

Sponsored Whitepapers

Innovate anywhere with HPE and Azure Local

Innovate anywhere with HPE and Azure Local

Cloud Covered Report: New Zealand

Cloud Covered Report: New Zealand

How healthcare organisations can get more value from cloud

How healthcare organisations can get more value from cloud

The governed agent: A new framework for responsible AI at scale

The governed agent: A new framework for responsible AI at scale

Securing Machinery of Government changes

Securing Machinery of Government changes

Events

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

ASD draws a hard line on developers lacking security skills

ASD draws a hard line on developers lacking security skills

Fake IT worker threat spreads outside tech sector in Australia

Fake IT worker threat spreads outside tech sector in Australia

NAB builds integrated ops hub for threat intelligence

NAB builds integrated ops hub for threat intelligence

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories