Posted on Nov 14, 2021
The FBI’s email system was hacked to send out fake cybersecurity warnings
Posted 3 y ago
Responses: 2
This one is just too funny from a security perspective. This was probably a forgotten piece of functionality as the government focuses more on unauthorized access to confidential information than it does on little annoyances like this. This annoyance was a gut punch to their reputation, however.
The Krebs article states that everything about these emails was generated client-side. Everything about the attack was set up locally and then sent back to the server, which willingly complied because that's the way it was programmed. "Here, server, just send this email on my behalf and don't ask any questions." The first rule in application security is that you never trust anything from the client. It's like asking a kid if they brushed their teeth or washed behind their ears.
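The pattern the comment above describes, as an added example that is not part of the original post and is not the affected system's code: a mail builder that trusts client-supplied fields, next to one that builds the message entirely on the server. The function names, session keys, sender address and the confirmation-code email are assumptions made for illustration.

```python
import secrets
from email.message import EmailMessage

SENDER = "noreply@portal.example"  # constructed placeholder address


def build_mail_trusting_client(form: dict) -> EmailMessage:
    """Flawed pattern: recipient, subject and body all come from the request,
    so whoever controls the request controls the email the server sends."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = form["to"]
    msg["Subject"] = form["subject"]
    msg.set_content(form["body"])
    return msg


def build_mail_server_side(session: dict, form: dict) -> EmailMessage:
    """Hardened pattern: the request only triggers the send. The recipient
    comes from server-side session state; subject and body are fixed here."""
    # Content fields in the request are a sign of tampering: reject them
    # (and log the attempt) rather than silently ignoring them.
    unexpected = set(form) - {"csrf_token"}
    if unexpected:
        raise ValueError(f"unexpected client fields: {sorted(unexpected)}")

    code = f"{secrets.randbelow(10**6):06d}"  # generated server-side
    session["pending_code"] = code            # verified later, server-side

    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = session["registered_email"]
    msg["Subject"] = "Your confirmation code"
    msg.set_content(f"Your one-time code is {code}.")
    return msg


if __name__ == "__main__":
    # Constructed sample request with client-chosen content.
    tampered = {"to": "someone@example.org", "subject": "Urgent", "body": "x"}
    print(build_mail_trusting_client(tampered)["Subject"])  # client's text
    try:
        build_mail_server_side({"registered_email": "user@example.org"}, tampered)
    except ValueError as err:
        print("rejected:", err)
```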