Information Security News mailing list archives

A Year Later, U.S. Government Websites Are Still Redirecting to Hardcore Porn


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 12 Jun 2019 06:55:33 +0000 (UTC)

https://gizmodo.com/a-year-later-u-s-government-websites-are-still-redire-1835336087

By Dell Cameron
Gizmodo
June 10, 2019

Dozens of U.S. government websites appear to contain a flaw enabling anyone to generate URLs with their domains that redirect users to external sites, a handy tool for criminals hoping to infect users with malware or fool them into surrendering personal information.

Gizmodo first reported a year ago that a wide variety of U.S. government sites were misconfigured, allowing porn bots to create links that redirected visitors to sites with colorful names like “HD Dog Sex Girl” and “Two Hot Russians Love Animal Porn.” Among those affected was the Justice Department’s Amber Alert site, links from which apparently redirected users to erotic material.

Following Gizmodo’s report, a handful of government offices changed their settings to address the problem. The problem persists, unfortunately, and several new websites appear to be affected. While it appears that mostly porn bots are taking advantage of these poorly configured sites, it also poses a serious security concern.

The ability to generate malicious links that appear to lead to actual government websites can be a handy pretense for criminals conducting phishing campaigns. What’s more, these malicious redirects may be used to send users to websites masquerading as official government services, encouraging them to hand over personal information, such as names, addresses, and Social Security numbers.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
