Vulnerability Development mailing list archives
Operation TIPS
From: George Imburgia <gti () armorfirewall com>
Date: Wed, 17 Jul 2002 10:50:48 -0400 (EDT)
Recently, the federal government started a program to recruit utility workers, postal employees, truck drivers and such into an informant program;

http://www.citizencorps.gov/tips.html

When you choose to join, it takes you to;

https://www.citizencorps.gov/citizen/jsp/volunteerform.jsp?programName=5

After looking at the source code of this url, it became apparent that sanity checking of user input is done on the client. Testing confirmed that this is exploitable. In other words, it's easy to retrieve a list of their volunteer informants.

Apparently they plan to address issues like this the easy way, by locking up people that exploit it for life. This is a FEMA site, which would qualify for a life sentence under the "Cyber Security Enhancement Act of 2002".

George Imburgia
Senior Network Security Engineer
Capitol Networking
gti () armorfirewall com
Current thread:
- Operation TIPS George Imburgia (Jul 17)
- Re: Operation TIPS Benjamin Krueger (Jul 18)
- Re: Operation TIPS - the FEMA response George Imburgia (Jul 29)
- Re: Operation TIPS - the FEMA response KF (Jul 30)