Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Openurmind

https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

shows how it was done (taking advantage of absolutely idiotic FBI software developers):

Much of that process involves filling out forms with the applicant’s personal and contact information, and that of their organization. A critical step in that process says applicants will receive an email confirmation from eims@ic.fbi.gov with a one-time passcode — ostensibly to validate that the applicant can receive email at the domain in question.

But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.


13 posted on 11/13/2021 4:26:09 PM PST by PapaBear3625 (Only the insane have the strength to prosper. Only those who prosper truly judge what is sane)
[ Post Reply | Private Reply | To 7 | View Replies ]
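
The flaw described in the quoted passage (a one-time passcode present in the HTML sent to the browser), shown beside a server-side check, as an added example that is not part of this thread or of the FBI's code. The hidden-field placement, the function names and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

PENDING = {}    # constructed stand-in for server-side state: session id -> record
MAX_TRIES = 5   # assumed attempt limit

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

def start_verification(session_id):
    """Create a 6-digit passcode; keep only its digest on the server."""
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[session_id] = {"digest": _digest(code), "tries": 0}
    return code  # handed to the mail sender only, never to a page template

def render_vulnerable(session_id, code):
    # Flawed pattern: the expected passcode travels to the browser in the
    # markup, so anyone viewing the page source has it without reading e-mail.
    return ('<form><input type="hidden" name="expected" value="%s">'
            '<input name="otp"></form>' % code)

def render_hardened(session_id):
    # The page carries only an opaque session reference.
    return ('<form><input type="hidden" name="sid" value="%s">'
            '<input name="otp"></form>' % html.escape(session_id))

def check_otp(session_id, submitted):
    """Server-side comparison: constant-time, attempt-limited, single-use."""
    entry = PENDING.get(session_id)
    if entry is None:
        return False
    entry["tries"] += 1
    if entry["tries"] > MAX_TRIES:
        PENDING.pop(session_id, None)   # too many guesses: invalidate the code
        return False
    ok = hmac.compare_digest(entry["digest"], _digest(submitted))
    if ok:
        PENDING.pop(session_id)         # a passcode is accepted once
    return ok

def page_leaks_code(page, code):
    """Review/test helper: does the rendered markup contain the passcode?"""
    return code in page
```

A check like `page_leaks_code` can run in a test suite against every rendered step of an enrollment flow, so a template change that reintroduces the passcode into the response fails the build.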


To: PapaBear3625

Thank you for sharing those details. :)

Goes to again... Unless they knock on your door with a warrant don’t give anybody nothin... :)


16 posted on 11/13/2021 4:29:46 PM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 13 | View Replies ]

To: PapaBear3625
Good article. I read it earlier this morning from a link on Hacker News. Fedzilla is so large with so many different systems, that something like this was bound to happen.

As the quote in the article said, it's fortunate that the hackers didn't use it to extort sensitive data from recipients in the name of the FBI. The FBI would never have known.

37 posted on 11/14/2021 6:20:49 AM PST by Textide (Lord, grant that I may always be right, for thou knowest I am hard to turn. ~ Scotch-Irish prayer)
[ Post Reply | Private Reply | To 13 | View Replies ]
