The FCC Website Lets You Upload Malware Using Its Own Public API Key (hackernoon.com) 41
The FCC lets you upload any file to their website and make that file publicly accessible using the FCC.gov domain. Or rather they don't, but they have somehow not realized that they are letting people do it and telling them how in their own documentation. From a report: Take a look at this document about FCC Chairman Ajit Pai which has clearly not been put there by anyone who works at the FCC, neither has this one. Those currently uploading files are able to do this using the FCC's own public API, a key that they seem to send to anyone with any email address. Obviously I am not going to tell you how, but if you have enough of the right kind of technical experience the public FCC API documentation will. People seem to be experimenting uploading different filetypes, so far they have managed pdf/gif/ELF/exe/mp4 files up to 25MB in size, which means that you could easily host malware on the FCC.gov website right now and use it in phishing campaigns that link to malware on a .gov website.
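As an added example (not from the report and not the FCC's code), this is a server-side check an upload endpoint could apply to the file types the summary lists, assuming the endpoint is meant to accept PDF documents only. The function names, the allowlist and the sample bytes are constructed for illustration.

```python
import os

MAX_BYTES = 25 * 1024 * 1024  # the size the summary reports being accepted
# (offset, leading bytes, label) for the file types named in the summary
SIGNATURES = [
    (0, b"%PDF-", "pdf"),
    (0, b"GIF87a", "gif"),
    (0, b"GIF89a", "gif"),
    (0, b"\x7fELF", "elf"),
    (0, b"MZ", "exe"),
    (4, b"ftyp", "mp4"),
]
ALLOWED = {"pdf": "application/pdf"}  # assumption: documents only


def sniff(data: bytes) -> str:
    """Label the content from its leading bytes, ignoring the client's claims."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"


def check_upload(filename: str, data: bytes):
    """Return (accepted, reason, headers to use when serving the file)."""
    if len(data) > MAX_BYTES:
        return False, "too large", {}
    kind = sniff(data)
    if kind not in ALLOWED:
        return False, f"content type '{kind}' not allowed", {}
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext != kind:
        return False, f"extension '.{ext}' does not match content '{kind}'", {}
    # Serve as a download with a fixed type so browsers do not re-interpret it.
    headers = {
        "Content-Type": ALLOWED[kind],
        "Content-Disposition": "attachment",
        "X-Content-Type-Options": "nosniff",
    }
    return True, "ok", headers


if __name__ == "__main__":
    samples = {  # constructed sample uploads
        "comment.pdf": b"%PDF-1.4\n%%EOF",
        "renamed.pdf": b"\x7fELF\x02\x01\x01",
        "clip.mp4": b"\x00\x00\x00\x18ftypmp42",
    }
    for name, body in samples.items():
        print(name, check_upload(name, body)[:2])
```

A file that passes this check is only known to start like a PDF; it still needs content scanning before it is published.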
How long before it is hosting kiddy porn (Score:4, Interesting)
Re: (Score:2)
It's a reverse honey-pot.
Re: (Score:1)
"That's just what they want people to do. Track the malware files back to their uploaders."
Starbucks?
Re: (Score:2)
Re: (Score:1)
All I gotta say is: yet more evidence of Trump - Russia collusion.
Hitler impeachment any day now. Hillary 2020!
Re: (Score:2)
I'm thinking it's Obama's fault.
So...Slashdot expects me... (Score:3, Interesting)
to download random files of unknown origin, from a website they say can't be trusted? That is, if I am to believe the article summary.
Re: (Score:1)
They're just PDF files, what's the worst that could happen?
Re: (Score:2)
If you use Adobe Reader to open the PDF, complete destruction of all life in the universe.
Re: So...Slashdot expects me... (Score:2)
Anyone have an API key? (Score:1)
Anyone mind sharing a valid API key?
Decision Makers (Score:5, Funny)
And these are the people who are making decisions about the future of the Internet?
Re:Decision Makers (Score:5, Insightful)
Making decisions? It's already made, to bend over backwards for Big Business at the expense of the public
Re: (Score:2)
I hope you are not surprised by this.. The FCC has been this way for decades now.
Corporate Agenda Comi$$ion (Score:1)
I hope you are not surprised by this.. The FCC has been this way for decades now.
Indeed, younguns should take a moment and watch Pump Up The Volume (again). Everybody knows the war is over.
the fles (Score:5, Interesting)
Re: (Score:2)
RCE? (Score:3)
Eh... interesting but boring. How about PHP/asp/py/pl/vbs and other server side languages?
Re: (Score:1)
They'll fix it with Secret Sauce (Score:1)
Just as with their DDoS mitigation tactics, you can bet that they will fix this with some "commercial cloud partner" Secret Sauce. Because God knows, we can't expect the Federal Communications Commission to have in-house the technical skills to competently run a reasonably safe server that allows them to accept public comment and supporting evidence documents over The Internet.
<Comment Subject> (Score:1)
Perhaps we might see an unexpected release on their site about how they've decided to 'do the right thing (tm)' re. net neutrality?
unintended consequences (Score:2)
When they opened up the site for the auto-submit bots from Comcast and Verizon to flood their public feedback channel with anti-neutrality comments, this was a side effect.