Latest News

Sydney Metro looking to appoint temporary CIO

WA man jailed for at least five years for evil twin attack

Jetstar cancels flights due to Airbus software issue

BoM never planned to end reliance on 'legacy' site

ATA makes board chief executive-level club in bid for clout

'Shoddy' software leaves major holes in NSA site

By Dan Raywood

Jul 2 2013 7:30AM

Attackers could impersonate web traffic.

Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.

'Shoddy' software leaves major holes in NSA site

Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.

“Why are unreliable third parties creating the software that guards our national secrets?"

One of the vulnerabilities was in the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.

Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, UK edition

Tags:

nsa security vulnerabilities xss

Partner Content

Machine identity a key priority for organisations’ security strategies: CyberArk

Partner Content Machine identity a key priority for organisations’ security strategies: CyberArk

How small audio upgrades can enhance your hybrid work and improve business ROI

Partner Content How small audio upgrades can enhance your hybrid work and improve business ROI

Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Partner Content Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

ElasticON Sydney 2025: Deriving value from your data with Search AI

Partner Content ElasticON Sydney 2025: Deriving value from your data with Search AI

Sponsored Whitepapers

Migrate enterprise workloads with confidence

Migrate enterprise workloads with confidence

The cloud tipping point

The cloud tipping point

How AI will deliver real business value

How AI will deliver real business value

The multicloud imperative

The multicloud imperative

Your multicloud advantage

Your multicloud advantage

Events

iTnews Executive Retreat - Security Leaders Edition

Most Read Articles

Labor bets on agency to monitor AI companies

Labor bets on agency to monitor AI companies

WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack

Startup finds flaws in popular VoIP products

Startup finds flaws in popular VoIP products

Bendigo Bank taps Google Cloud for first major AI project

Bendigo Bank taps Google Cloud for first major AI project

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories