Franklin Veaux (tacit) wrote,
Franklin Veaux
tacit

  • Mood:

Woot! Score one for the good guys

Yesterday, I talked about how the Russian Zlob gang was abusing open redirectors on the Net to seed Google with links to malware. I'd made a list of such open redirectors over the past few days, and have been contacting the owners of the redirectors explaining the problem and how to fix it.

Last night, I found an open redirector on the usa.gov site, which was being used in Google links to spread malware. I fired off an email to the usa.gov Webmaster explaining the problem. This morning I got a very nice email reply saying they'd verified the problem and fixed it; the redirector now does referrer checking and refuses to redirect for non-local requests. Checked it out, and sure enough, it was fixed.

Woot! They had a patched script up within hours. Who says the government is always slow and inefficient?
Tags: computer security
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 8 comments