1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • The official NASA website has some out-of-this-world security fla

    From TechnologyDaily@1337:1/100 to All on Wed Jun 7 18:15:03 2023
    The official NASA website has some out-of-this-world security flaws

    Date:
    Wed, 07 Jun 2023 17:00:52 +0000

    Description:
    A vulnerability was present for months, despite being spotted twice already.

    FULL STORY ======================================================================

    For months, one of NASAs websites was vulnerable to an open redirect flaw, allowing threat actors to redirect unsuspecting visitors to malicious third party landing pages.

    This is according to cybersecurity researchers from the Cybernews team, who said theres no evidence of the flaw being abused in the wild, but that such a scenario is quite probable.

    Earlier this week, the Cybernews team reported that its researchers
    discovered a flaw in NASAs Astrobiology website. The vulnerability allows threat actors to redirect the visitors elsewhere, and the researchers believe hackers might have created a website seemingly identical to NASAs. Validating user input

    The fake page may have a login prompt, a download button, or a fake payment gateway, tricking visitors into downloading malware , giving away identity data, or money.

    The least damaging scenario is the one where hackers simply redirect people
    to a page with ads and monetize the visits and clicks. Read more

    Hackers are attacking another serious WordPress security flaw - here's how
    to keep your site safe


    This WordPress plugin security flaw could put millions of websites at risk
    - find out if you are affected


    Check out the best free web security scanners

    The team also said that another security researcher discovered the same flaw independently in mid-January too. Given that NASA failed to address the vulnerability on its premises (despite being notified on time), theres a high chance that a malicious actor discovered it as well, they say.

    To protect against open redirect flaws, the Cybernews team says website
    owners need to validate all user input, including URLs, to make sure the
    input only contains valid values.

    This can include using regular expressions to verify that URLs are in a
    proper format, checking that URLs are from trusted domains, and verifying
    that URLs do not contain any unexpected or malicious characters, the researchers said.

    Another method is URL encoding, which prevents malicious characters from
    being injected into URLs. That effectively prevents threat actors from exploiting open redirect flaws even if they are present on the website.

    Website owners can create a whitelist of trusted URLs and only allow
    redirects to those URLs. This can help to prevent attackers from redirecting users to malicious or unauthorized websites, the team concluded. These are
    the best firewalls right now

    Via: Cybernews



    ======================================================================
    Link to news story: https://www.techradar.com/news/the-official-nasa-website-has-some-out-of-this- world-security-flaws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)