funsec mailing list archives
U.S. Government Security Site Vulnerable to Common Attack
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 14 Dec 2005 15:51:25 GMT
Via Netcraft. [snip] The U.S. government site that tracks cyber security risks was recently found vulnerable to cross-site scripting, a technique commonly used in hacker attacks and web site spoofing. Several security sites have published a demonstration of the security hole in the web site for the National Institute of Standards and Technology (NIST), which hosts the U.S. National Vulnerability Database, which ironically includes numerous examples of cross-site scripting. The cross-site scripting vulnerability in the NIST site was found in a script that warns visitors that they are about to leave the NIST site, a common practice on U.S. government sites. The NIST script allows potentially malicious Javascript to be appended to the URL and executed by the browser, a technique which works in Firefox and Internet Explorer. The flaw was originally reported by the RootShell Security Group. Staff at the NIST web site closed the security hole after being contacted by people who saw the RootShell posting. [snip] http://news.netcraft.com/archives/2005/12/14/us_government_security_site_vulnerable_to_common_attack.html - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- U.S. Government Security Site Vulnerable to Common Attack Fergie (Dec 14)