Tag Archive for: glitch

Twitter glitch allows CIA informant channel to be hijacked


  • By Joe Tidy
  • Cyber correspondent


A cyber-security researcher has exploited a glitch on the CIA’s official Twitter account to hijack a channel used for recruiting spies.

The US Central Intelligence Agency (CIA) account on X, formerly known as Twitter, displays a link to a Telegram channel for informants.

But Kevin McSheehan was able to redirect potential CIA contacts to his own Telegram channel.

“The CIA really dropped the ball here,” the ethical hacker said.

The CIA is a US government organisation known for gathering secret intelligence information, often over the internet, from a vast network of spies and tipsters around the world.

Its official X account, with nearly 3.5 million followers, is used to promote the agency and encourage people to get in touch to protect US national security.

Biggest fear

Mr McSheehan, 37, who lives in Maine, in the US, said he had discovered the security mistake earlier on Tuesday.

“My immediate thought was panic,” he said.

“I saw that the official Telegram link they were sharing could be hijacked – and my biggest fear was that a country like Russia, China or North Korea could easily intercept Western intelligence.”

At some point after 27 September, the CIA had added to its X profile page a link – https://t.me/securelycontactingcia – to its Telegram channel containing information about contacting the organisation on the dark net and through other secretive means.

The channel said, in Russian: “Our global mission demands that individuals be able to reach out to CIA securely from anywhere,” while warning potential recruits to “be wary of any channels that claim to represent the CIA”.

[Image: Anyone clicking on the link was directed to Mr McSheehan’s Telegram channel]

But a flaw in how X displays some links meant the full web address had been truncated to https://t.me/securelycont – an unused Telegram username.

As soon as Mr McSheehan noticed the issue, he registered the username so anyone clicking on the link was directed to his own channel, which warned them not to share any secret or sensitive information.

“I did it as a security precaution,” he said.

“It’s a problem with the X site that I’ve seen before – but I was…


Rochester Public Schools fixes internet glitch that blocked school board candidates’ website – Post Bulletin


ROCHESTER — Rochester Public Schools has reported that an issue with its internet security has been fixed, no longer blocking the joint website of four school board candidates.

The candidates raised the issue during a recent debate at the Rochester Public Library, accusing the school district of cancel culture and voter suppression. The candidates include John Whelan, Elena Niehoff, Kim Rishavy and Rae Parker.

RPS subsequently responded with a statement, clarifying that the candidates’ website could not be accessed because it was “incorrectly flagged on some RPS devices” as a “parked domain” by the district’s security vendor, Netskope. The term refers to websites that are “in development or waiting for a new owner,” according to the Google Ads Center.

As of Sunday, RPS said Netskope had reclassified the website as “education.”


Swiss Airspace Closed After Computer Glitch, Flights Grounded



Flights have been grounded in several airports.

Geneva: Swiss airspace was closed on Wednesday after a computer glitch with the air traffic control system grounded flights at the country’s main airports, officials said.

“Swiss airspace is closed to traffic for security reasons after computer failure with Skyguide, the Swiss air traffic control service,” Skyguide said in a statement.

It did not give any details about the computer crash, but said it “regrets this incident and its consequences for the clients, partners and passengers of Geneva and Zurich airports and is working flat out to find a solution.”

Earlier, Geneva’s airport said in a tweet that it was grounding all of its flights until 11 am (0900 GMT) because of the computer failure.

The Swiss news agency ATS-Keystone said international flights to Switzerland were being re-routed to Milan.

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)


Security glitch enabled website to publish attorney discipline records, State Bar says – Orange County Register


A public records website inadvertently published 260,000 confidential attorney discipline documents due to a security glitch within the State Bar of California’s case management system, not as a result of a malicious computer hack, officials said Monday.

The State Bar, in what was initially described as a “breach,” first discovered Friday that judyrecords.com had published the confidential documents along with about 60,000 public State Bar court cases.

The State Bar learned the documents were public after someone who had complained about an attorney told an investigator from its Office of Chief Trial Counsel about the judyrecords website. Judyrecords removed the documents on Saturday.

Judyrecords initially posted limited case profile information for approximately 260,000 nonpublic cases. The site owner has provided the State Bar with preliminary analytical data of its website traffic, showing approximately 1,000 unique page views by the public.

“We are working closely with judyrecords to firmly identify the cases which were actually viewed,” the State Bar said in an email.

“It is now the State Bar’s belief that there was no malicious hack of its system,” the agency said in a statement. “Instead, it appears that a previously unknown security vulnerability in the Tyler Technologies Odyssey case management portal allowed the nonpublic records to be unintentionally swept up by judyrecords when they attempted to access the public records, using a unique access method. The State Bar is working with Tyler Technologies, the maker of the Odyssey system, to remediate the security vulnerability, which we believe may not be unique to the State Bar’s implementation and could impact other users of Odyssey systems.”

Tyler Technologies did not respond Monday to a request for comment.

The State Bar and judyrecords are working together to ensure that the nonpublic records are permanently purged from the site and that public records remain available.

The State Bar Court website allows the public to search for publicly available case information. However, state law requires that all attorney disciplinary investigations remain confidential until formal charges are filed…
