• Home
  • Privacy Policy
  • Write For Us
IDEGRAAF
  • Home
  • Schools
  • Institutes
  • Scholarship
  • Distance Learning
  • Online Classes
  • Education Loans
  • Recruitment
  • Career
  • Privacy Policy
No Result
View All Result
  • Home
  • Schools
  • Institutes
  • Scholarship
  • Distance Learning
  • Online Classes
  • Education Loans
  • Recruitment
  • Career
  • Privacy Policy
No Result
View All Result
IDEGRAAF
No Result
View All Result
Home Recruitment

Protected US military server poked via army recruitment website

saheli by saheli
January 23, 2017
in Recruitment
0 0
Share on FacebookShare on Twitter

Beads of sweat must have surely run down the face of one hacker who, while trying to score a bug bounty, inadvertently infiltrated an “internal US Department of Defence website that requires special credentials to access.”

The unnamed hacker used exploited a pair of vulnerabilities to gain access to the US Army network via an unpatched website and a misconfigured proxy. The starting point, goarmy.com, paved the way to an open proxy and into the normally access-controlled internal DoD server.

Uncle Sam’s techies quickly shored up their defenses after the security shortcomings were reported via the Hack the Army bug bounty that ran from November to December 21, 2016, we’re told.

“They got there through an open proxy, meaning the routing wasn’t shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system,” Hack the Army staffers explained.

“On its own, neither vulnerability is particularly interesting, but when you pair them together, it’s actually very serious.”

The Army remediation team and the Army Cyber Protection Brigade patched the bugs breaking the attack chain and preventing exploits. We’re told that the first bug submitted to the HackerOne-run-bounty – one of 118 exploited vulnerabilities reported in all – was discovered five minutes after the program was launched. The agency paid out $100,000 in bug bounty rewards.

Of the 371 participants, 25 were government employees, including 17 military bods. The US Army indicated it may be launching another bounty or similar service due to the success of its November venture.

There is no word on whether the chained vector was used to breach the army previously. We’ve asked the Pentagon for comment.

[Source:-The Register]

Tags: ArmyMilitarypokedProtectedRecruitmentserverUsviawebsite
Previous Post

TN Police Recruitment 2017: Notification 15711 vacancies Constables Jail Warders Firemen tnusrb.gov.in

Next Post

Online edu’nal scholarship scheme launched by ACC Cement works

Next Post

Online edu'nal scholarship scheme launched by ACC Cement works

Recent Post

  • What is Web3 and How Could it Disrupt Education?
  • HPTET 2021 result declared: How to check scorecard and what’s next
  • USF team receives grant to help caregivers support preschoolers’ mental health
  • Why Repaying Your Education Loan is Important
  • Education Ministry Launches Online Module To Track, Re-Enrol Out-Of-School Children
  • MP govt and private schools come to a face-off over school fees issue
  • NBSE Result 2022: Nagaland Board HSLC, HSSLC Results Not Today; Details Here
  • Tata Sky Binge+, HD Set-Top Boxes Price Discounted Up to Rs. 400 Online
  • Digital University Kerala Partners With United Nations, World Health Organization On Disaster Preparedness
  • Unlimited opportunities, huge investments: India bets big as Expo 2020 Dubai kicks off

Calendar

June 2023
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930  
« Jul    
IDEGRAAF

Navigate Site

  • Home
  • Privacy Policy
  • Write For Us

Follow Us

No Result
View All Result
  • Home
  • Schools
  • Institutes
  • Scholarship
  • Distance Learning
  • Online Classes
  • Education Loans
  • Recruitment
  • Career
  • Privacy Policy

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In