An Interest In:
Web News this Week
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
Some of Our Sources
- Team Treehouse
- Just Creative
- Inspiredology
- Naldz Graphics
- Crazy Leaf Design
- Stylized Web
- Specky Boy
- Willems Lab
- Daily Now
- TechPowerUp
Help Webnuz
Referal links:
August 31, 2017 10:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/mnrH0bQz0Co/the-fcc-website-lets-you-upload-malware-using-its-own-public-api-key
The FCC Website Lets You Upload Malware Using Its Own Public API Key
The FCC lets you upload any file to their website and make that file publicly accessible using the FCC.gov domain. Or rather they don't, but they have somehow not realized that they are letting people do it and telling them how in their own documentation. From a report: Take a look at this document about FCC Chairman Ajit Pai which has clearly not been put there by anyone who works at the FCC, neither has this one. Those currently uploading files are able to do this using the FCC's own public API, a key that they seem to send to anyone with any email address. Obviously I am not going to tell you how, but if you have enough of the right kind of technical experience the public FCC API documentation will. People seem to be experimenting uploading different filetypes, so far they have managed pdf/gif/ELF/exe/mp4 files up to 25MB in size, which means that you could easily host malware on the FCC.gov website right now and use it in phishing campaigns that link to malware on a .gov website.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/mnrH0bQz0Co/the-fcc-website-lets-you-upload-malware-using-its-own-public-api-key
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot