Some U.S. Government Websites Vulnerable to Spammy Redirects

Not government sanctioned.

Many Americans may instinctively believe there’s little risk in visiting any site that ends with .gov. It’s the government, so their sites are secure, right? Apparently not.

Sophos’s NakedSecurity blog reports that spammers have discovered many U.S. sites are vulnerable to a simple exploit that sends the unwary to fake “work-at-home” websites.

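The culprit is sloppy coding that permits something called an open redirect: a page that forwards visitors to whatever address is supplied in the link, without checking where it leads. NakedSecurity demonstrated the ease with which a spammer can construct an open redirect: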
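As an added illustration (not the Naked Security demonstration and not code from any affected site), the Python below contrasts the sloppy pattern with a redirect handler that validates its target first. The host names, the `?url=` parameter and the allowlist are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts the site may redirect to (constructed names).
ALLOWED_HOSTS = {"www.agency.example", "forms.agency.example"}
FALLBACK = "/"

def naive_target(param):
    """The sloppy pattern: redirect wherever the query parameter says."""
    return param

def safe_target(param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return param only for a local path or an allowlisted https host."""
    # Whitespace, control characters and backslashes are rewritten by
    # browsers in ways that turn a "local" path into another host.
    if not param or any(ord(c) < 0x21 or c == "\\" for c in param):
        return fallback
    try:
        parts = urlsplit(param)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        if param.startswith("/") and not param.startswith("//"):
            return param
        return fallback
    if parts.scheme != "https":
        return fallback  # also rejects scheme-relative //host and javascript:
    if parts.username is not None or parts.password is not None:
        return fallback  # trusted-name@other-host userinfo form
    host = (parts.hostname or "").lower()
    return param if host in allowed_hosts else fallback

# Constructed sample values for a hypothetical ?url= parameter.
SAMPLES = [
    "/benefits/apply?step=2",
    "https://forms.agency.example/apply",
    "https://spam.example/work-at-home",
    "//spam.example/work-at-home",
    "https://www.agency.example@spam.example/",
    "https://www.agency.example.spam.example/",
]

def audit(samples=SAMPLES):
    """Map each sample to (naive result, validated result)."""
    return {s: (naive_target(s), safe_target(s)) for s in samples}
```

Only the first two samples survive validation; every other value falls back to the site's own home page instead of leaving the domain.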