A structured query language injection vulnerability at ICE
like the Bobby Tables exploit?
An Office of the Inspector General audit into the US Department of Homeland Security has identified a range of deficiencies across the agency, which is responsible for America's cybersecurity. The 36-page audit (PDF) was published with the positive title "[Department of Homeland Security (DHS)] Can Strengthen its Cyber Mission …
like the Bobby Tables exploit?
"DHS components must also address the information security deficiencies we identified."
Given no "HTTPS", "SSL", "TLS" string can be found in the audit report, should we assume the Man in the Middle vulnerabilities (present for months, probably years) in the majority of DHS domains will not be addressed (as not included among the identified deficiencies)?
https://badssl.netray.nl/badssl_dhs.gov.pdf
(compiled on Sept. 17 2015)
A few years back I had to trash a pristine mail addy because it got swamped by spam and fishing attempts 2 days after I gave it on a DHS form upon entry in the US (that was the sole use I made of this adress). Since then, whenever the DHS drone insists the field must absolutely be filled, I put in a valid but extremely long addy (doesn't fit in the allowed space, and so is mostly unreadable) and I haven't had any further problem.