• Home
  • Privacy Policy
  • Write For Us
IDEGRAAF
  • Home
  • Schools
  • Institutes
  • Scholarship
  • Distance Learning
  • Online Classes
  • Education Loans
  • Recruitment
  • Career
No Result
View All Result
  • Home
  • Schools
  • Institutes
  • Scholarship
  • Distance Learning
  • Online Classes
  • Education Loans
  • Recruitment
  • Career
No Result
View All Result
IDEGRAAF
No Result
View All Result
Home Recruitment

Protected US military server poked via army recruitment website

saheli by saheli
January 23, 2017
in Recruitment

Beads of sweat must have surely run down the face of one hacker who, while trying to score a bug bounty, inadvertently infiltrated an “internal US Department of Defence website that requires special credentials to access.”

The unnamed hacker used exploited a pair of vulnerabilities to gain access to the US Army network via an unpatched website and a misconfigured proxy. The starting point, goarmy.com, paved the way to an open proxy and into the normally access-controlled internal DoD server.

Uncle Sam’s techies quickly shored up their defenses after the security shortcomings were reported via the Hack the Army bug bounty that ran from November to December 21, 2016, we’re told.

“They got there through an open proxy, meaning the routing wasn’t shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system,” Hack the Army staffers explained.

“On its own, neither vulnerability is particularly interesting, but when you pair them together, it’s actually very serious.”

The Army remediation team and the Army Cyber Protection Brigade patched the bugs breaking the attack chain and preventing exploits. We’re told that the first bug submitted to the HackerOne-run-bounty – one of 118 exploited vulnerabilities reported in all – was discovered five minutes after the program was launched. The agency paid out $100,000 in bug bounty rewards.

Of the 371 participants, 25 were government employees, including 17 military bods. The US Army indicated it may be launching another bounty or similar service due to the success of its November venture.

There is no word on whether the chained vector was used to breach the army previously. We’ve asked the Pentagon for comment.

[Source:-The Register]

Tags: ArmyMilitarypokedProtectedRecruitmentserverUsviawebsite
Previous Post

TN Police Recruitment 2017: Notification 15711 vacancies Constables Jail Warders Firemen tnusrb.gov.in

Next Post

Online edu’nal scholarship scheme launched by ACC Cement works

Next Post

Online edu'nal scholarship scheme launched by ACC Cement works

Recent Post

  • India’s Merit Scholarships: A Comprehensive Guide A student’s academic
  • Education Loans Without Collateral For Studying Abroad: Guide
  • The cheapest loans for education for Indian students (2025)
  • Education Loan Providers study abroad
  • Types of Education Loans Students Must Know
  • What is Distance Learning? The Whole Manual
  • 8 Tips for Successful Online Home Tuition Sessions
  • The Amazing Benefits of CA Online Classes for Students
  • The 23 Best Recruitment Blogs of 2025
  • 7 Top Challenges with Online Learning For Students (and Solutions)

Calendar

July 2025
M T W T F S S
 123456
78910111213
14151617181920
21222324252627
28293031  
« Jun    
idegraaf

Navigate Site

  • Home
  • Privacy Policy
  • Write For Us

Follow Us

No Result
View All Result
  • Home
  • Schools
  • Institutes
  • Scholarship
  • Distance Learning
  • Online Classes
  • Education Loans
  • Recruitment
  • Career