'Shoddy' software leaves major holes in NSA site

By
Follow google news

Attackers could impersonate web traffic.

Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.

'Shoddy' software leaves major holes in NSA site

Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.

“Why are unreliable third parties creating the software that guards our national secrets?"

One of the vulnerabilities was in  the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.

Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.

This article originally appeared at scmagazineuk.com

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

JB Hi-Fi Group finds new cyber security leader

JB Hi-Fi Group finds new cyber security leader

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Toll Group puts third-party risk at centre of AI-era data security

Toll Group puts third-party risk at centre of AI-era data security

How Monash University is tackling the AI-driven app security gap

How Monash University is tackling the AI-driven app security gap

Log In

  |  Forgot your password?