'Shoddy' software leaves major holes in NSA site

By
Follow google news

Attackers could impersonate web traffic.

Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.

'Shoddy' software leaves major holes in NSA site

Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.

“Why are unreliable third parties creating the software that guards our national secrets?"

One of the vulnerabilities was in  the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.

Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.

This article originally appeared at scmagazineuk.com

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Log In

  |  Forgot your password?