funsec mailing list archives
Re: Security problems at the NSA Web site?
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 28 Dec 2005 14:23:10 -0600
--On December 28, 2005 6:02:32 PM +0000 Barrie Dempster <barrie () reboot-robot net> wrote:
On Tue, 2005-12-27 at 11:20 -0500, Richard M. Smith wrote:I just tried applying for a job at nsa.gov and got this error message: https://www.nsa.gov/servlets/iclientservlet/applyonline/?ICType=Panel&Me nu=ROLE_APPLICANT&Market=GBL&PanelGroupName=HR_RESUME_ADD_APPI've seen a couple of SQL injection and XSS bugs in the NSAs site. I notified them to a few different email addresses but received no response. I publicised one of the more tame vulnerabilities in the hope it would spur them on to fix the issues the site has but they have ignored the private and public postings. After publicising that vulnerability I received a few emails from friends/others with details of even more vulnerabilities (one of them was the same one you've experienced I believe). They don't take security of their public site seriously for one reason or another. There have been lots of speculation on this from ignorance to baiting and even recruiting techniques. None of which I'd care to comment on. Point is they just don't fix it.
Maybe there's a reason they don't fix them...... Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Security problems at the NSA Web site? Richard M. Smith (Dec 27)
- Re: Security problems at the NSA Web site? Gadi Evron (Dec 27)
- Re: Security problems at the NSA Web site? Paul Schmehl (Dec 27)
- Re: Security problems at the NSA Web site? Barrie Dempster (Dec 28)
- Re[2]: Security problems at the NSA Web site? Pierre Vandevenne (Dec 28)
- Re: Security problems at the NSA Web site? Paul Schmehl (Dec 28)
- Re: Security problems at the NSA Web site? Barrie Dempster (Dec 28)