https://gizmodo.com/a-year-later-u-s-government-websites-are-still-redire-1835336087
By Dell Cameron
Gizmodo
June 10, 2019
Dozens of U.S. government websites appear to contain a flaw enabling anyone to
generate URLs with their domains that redirect users to external sites, a handy
tool for criminals hoping to infect users with malware or fool them into
surrendering personal information.
Gizmodo first reported a year ago that a wide variety of U.S. government sites
were misconfigured, allowing porn bots to create links that redirected visitors
to sites with colorful names like “HD Dog Sex Girl” and “Two Hot Russians Love
Animal Porn.” Among those affected was the Justice Department’s Amber Alert
site, links from which apparently redirected users to erotic material.
Following Gizmodo’s report, a handful of government offices changed their
settings to address the problem. The problem persists, unfortunately, and
several new websites appear to be affected. While it appears that mostly porn
bots are taking advantage of these poorly configured sites, the flaw also poses a
serious security concern.
The ability to generate malicious links that appear to lead to actual
government websites can be a handy pretense for criminals conducting phishing
campaigns. What’s more, these malicious redirects may be used to send users to
websites masquerading as official government services, encouraging them to hand
over personal information, such as names, addresses, and Social Security
numbers.
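The flaw described above is an open redirect: the site forwards visitors to whatever destination a query parameter names, without checking that it stays on the site's own domain. As an added example that is not part of the article, the validator below shows the check that closes this class of bug, and the log scan flags past redirects that left the site. The protected origin, allow-listed hosts, parameter names and access-log lines are all assumed or constructed, not taken from the affected sites.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed sample values: the origin being protected and the hosts it may send users to.
SITE_ORIGIN = "https://www.example.gov"
ALLOWED_HOSTS = {"www.example.gov", "alerts.example.gov"}
REDIRECT_PARAMS = ("url", "redirect", "next", "return")  # assumed redirect parameter names

def resolve_redirect(target: str) -> Optional[str]:
    """Return an absolute URL if `target` stays on an allow-listed host, else None.
    Handles what naive prefix checks miss: other hosts, protocol-relative "//host",
    backslash variants, non-http schemes and "trusted@evil" userinfo tricks."""
    if not target or any(ch in target for ch in "\r\n\x00"):
        return None
    candidate = target.replace("\\", "/")        # browsers treat "\" as "/"
    resolved = urljoin(SITE_ORIGIN, candidate)   # "/path" stays on site, "//host" leaves it
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops userinfo and port and lower-cases the host before the compare.
    return resolved if parts.hostname in ALLOWED_HOSTS else None

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" 30[1237] ')

def flag_offsite_redirects(log_lines):
    """Return (client_ip, target) pairs for 3xx responses whose redirect
    parameter resolves off-site; expects common-log-format lines."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m.group(1), m.group(2)
        query = parse_qs(urlsplit(path).query)
        for name in REDIRECT_PARAMS:
            for value in query.get(name, []):
                if resolve_redirect(value) is None:
                    hits.append((ip, value))
    return hits

# Constructed sample log lines (not from the article); only the 3xx lines count.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2019:10:00:01 +0000] "GET /go?url=/amber/alerts HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jun/2019:10:00:02 +0000] "GET /go?url=//evil.example/lure HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jun/2019:10:00:03 +0000] "GET /go?url=https://www.example.gov%40evil.example/ HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Jun/2019:10:00:04 +0000] "GET /go?url=https://evil.example/ HTTP/1.1" 200 512',
]
```

Running `flag_offsite_redirects(SAMPLE_LOG)` reports the two 302 responses that sent a visitor off-site; the 200 line is ignored because no redirect was served.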
[...]