FCC Supports Malware Distribution!

Well, not intentionally.

FCC “apology” shows anything can be posted to agency site using insecure API by Sean Gallagher

Gallagher reports that with an API key (use gmail account) you can post malicious Word documents to the FCC site.

Not formal support for malware distribution but then next best thing.

The FCC has been given notice so this is probably a time limited opportunity.

Don’t despair!

Knowing what to look for, you can begin scanning other government websites for a similar weakness.

Journalist tip: As APIs with this weakness are uncovered, trace them back to the contractors who built them. Then run forward to see who the contractors are afflicting now.

Comments are closed.