A Year Later, US Government Websites Are Still Redirecting To Hardcore Porn (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: Dozens of U.S. government websites appear to contain a flaw enabling anyone to generate URLs with their domains that redirect users to external sites, a handy tool for criminals hoping to infect users with malware or fool them into surrendering personal information. Gizmodo first reported a year ago that a wide variety of U.S. government sites were misconfigured, allowing porn bots to create links that redirected visitors to sites with colorful names like "HD Dog Sex Girl" and "Two Hot Russians Love Animal Porn." Among those affected was the Justice Department's Amber Alert site, links from which apparently redirected users to erotic material.
The ability to generate malicious links that appear to lead to actual government websites can be a handy pretense for criminals conducting phishing campaigns. What's more, these malicious redirects may be used to send users to websites masquerading as official government services, encouraging them to hand over personal information, such as names, addresses, and Social Security numbers.
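The flaw the summary describes is an open redirect: the site forwards visitors to whatever destination the link supplies. As an added example (not code from Gizmodo's report or from any affected site), here is a server-side check that honours only same-site paths or allowlisted HTTPS hosts; the host names and the `safe_redirect_target` helper are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this site is willing to redirect to (constructed for the example).
ALLOWED_HOSTS = {"www.example.gov", "forms.example.gov"}
FALLBACK = "/"  # where to send the visitor when the requested target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS):
    """Return a value safe to place in a Location header, else FALLBACK."""
    if not raw or len(raw) > 2048:
        return FALLBACK
    # Whitespace and control characters enable header splitting and parser
    # confusion; browsers treat "\" like "/", so "/\host" behaves as "//host".
    if "\\" in raw or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return FALLBACK
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash path on this site.
        return raw if raw.startswith("/") and not raw.startswith("//") else FALLBACK
    if parts.scheme != "https":
        return FALLBACK  # rejects javascript:, data:, http:, and "//host" forms
    if parts.username is not None or parts.password is not None:
        return FALLBACK  # "https://trusted@evil/" shows the trusted name first
    if host is None or host.rstrip(".") not in allowed_hosts:
        return FALLBACK  # exact match only, so "trusted.evil.example" fails
    return raw
```

The comparison is an exact host match against the allowlist; prefix or substring checks are what let look-alike hosts through.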
Happened to me (Score:4, Funny)
I was trying to file my taxes and ended up looking at a porn site. Damn Trump!
Re: (Score:3)
$50,000 a year in IT in San Jose. I'm doing pretty well.
Re: (Score:2)
I get a Christmas bonus too.
Re: (Score:2)
Where "doing pretty well" means "living in parents' basement." Or perhaps mooching off a significant other. $50k pre-taxes just about pays apartment rent in San Jose.
Re: (Score:2)
Hey now, I just found 7 studio apartments for under $1500 a month!
Re:Happened to me [orange guy mention] (Score:1)
#MPGA!
Re: (Score:2)
"See, honey, I told you! I was clearly tricked into that malevolent link. I have no idea what truffle butter is, or why the browser history logged me there for three hours." #metoo
Re: (Score:2)
I'm afraid to look up what "truffle butter" is now...I thought it was just something rich people put on their food.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The IRS web site will cost you far more than $5.99 per minute.
Re: Trump's twitter feed isn't much better.... (Score:1)
Serious question. Does everyone on this site sit around obsessed with politics all day every day? Do you know there's a whole world out there? It's really great. I hiked around Dillon Colorado today. It was wonderful and I didn't think about Washington until I read this "technology" site.
Is it that surprising (Score:3)
Incentives matter.
Re: (Score:2)
To be clear.. (Score:4, Informative)
Re: (Score:3, Insightful)
This is about doing something like changing redirect.php?url=original.com to pornsite.com, on a URL from a 3rd party site, not actually changing page content. So not really a "security flaw" as much as a 'mitigating stupidity oversight'.
That's because you lack imagination. Suppose you get an email claiming to be from the Social Security Administration. They tell you that you need to register your social security number or something so that you'll qualify for benefits. They even send you a link to a page ssa.gov/redirect.php?url=ssa.com and people start giving away PII to some malicious spammer? How do you know that the SSA didn't switch from .gov to .com? After all, the US Postal Service switched from a .gov to a .com.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I think it's fair to say this isn't a security flaw in their system, however I don't think it's fair to imply all of the blame lies with the users.
This is basically like leaving department letterhead in a stack in front of the government office building. You can't get into the building, or access secret documents with this letterhead, so it's not technically a security flaw. However, you do bear some responsibility when someone takes that letterhead and issues fake memos from your department, scamming peopl
Re: (Score:2)
Re: (Score:2)
Re: In case you missed it the first two times: (Score:1)
Hi, this is amber alert!
Hi, can you please help!
Of course! We've got redheads, brunettes, and blondes! $9.99 for the first minute, $5.99 thereafter!
No, seriously, can you please help? My friend is missing. I don't know where she is and I don't have any way to call her house.
Of course! Do you like them swanky, slinky, spanky, or stinky?
Oh my god (hangs up)
Not a difference maker (Score:3)
Either way, dealing with the US gov't you get screwed.
Ok, I resent that (Score:2)
And yeah, after having multiple people in my life saved by gov't supplied healthcare I've kinda got a stick up my ass about it.
Re: (Score:1)
Re: (Score:3)
Question is - was it worse than what it replaced? (Score:1)
There's probably a lot of government sites where the overall utility to citizens would be increased by providing hardcore porn. Maybe that's why they left some up.
Re: (Score:3)
Anyone remember whitehouse.com? (Score:2)
ludo (Score:1)
Oblig (Score:2)
Pics or didn't happen!
lol (Score:3)
From the summary:
Gizmodo first reported a year ago that a wide variety of U.S. government sites were misconfigured, allowing porn bots to create links that redirected visitors to sites with colorful names like "HD Dog Sex Girl" and "Two Hot Russians Love Animal Porn." Among those affected was the Justice Department's Amber Alert site, links from which apparently redirected users to erotic material.
In a distressing world full of constant change and upheaval, the quality of Slashdot's editorial team is a soothing constant. I was worried when Taco sold out, but it looks like my fears were unfounded.