When uploading comments to the FCC, you can now include malware

A laughably insecure comment system has left US comms watchdog the FCC open to malware attack, and the agency doesn't seem to know what to do about it. The security hole was spotted by a 20-year-old US university student, who found that when someone applies to put a comment onto the FCC website, the system allows almost any …

Silver badge
Facepalm

What ? A comment system that allows for uploading anything ?

Who on God's green Earth thought that it was a good idea to allow any Internet netizen, meaning any number of effin' trolls, to upload up to 25MB of almost anything ?

I mean, my grandmother might have thought it was a good idea, but she died before the PC was a thing. She would not have had the slightest idea of what that implied.

So it seems to me that the FCC is chaired by my grandmother's knitting club.

Good luck explaining this world to them.

11
0
Silver badge

Re: What ? A comment system that allows for uploading anything ?

Uploading is fine.

The problem is that this also lets you download, from an fcc.gov link with https and the nice little green padlock, and then a message asking if you want to trust content from fcc.gov

11
0
Silver badge

Never confuse incompetence for malice

Unless, of course, one has reason to believe Pai and the Puppets desire another 'plausible' reason to discredit public commentary on net neutrality, and have an excuse to cast the entire neutrality movement as saboteurs and criminals who just want to keep their attack platform.

9
0
Silver badge

I bet I know what that webform does

Stick everything in an email, attachment and all, and send it to a mailing list running on an Exchange server. The mailing list emails viewed with Outlook on Windows machines.

Due to sod's law, it couldn't be anything else.

2
0
Anonymous Coward

Crypto-malware incident begging to happen?

0
0
Silver badge

"The Commission has had procedures in place to prevent malware from being uploaded to the comment system. And the FCC is running additional scans and taking additional steps with its cloud partners to make sure no known malware has been uploaded to the comment system."

What about the unknown malware or one that has been specifically crafted for them?

1
0
Bronze badge
Devil

no known malware

Methinks they missed the point.

4
0
Silver badge

With numpties like these how would they know if they have been infected ? This is like taking a Windows or even a Linux server and turning on every single port possible with no firewalls and wondering why you got hit.

1
0

This post has been deleted by its author

A bit o' false equivalency?

"And this is the agency that wants to regulate the internet"

Dang. Who'd have thought that the FCC commissioners were doing their own IT work‽

0
1
Bronze badge

Re: A bit o' false equivalency?

"Who'd have thought that the FCC commissioners were doing their own IT work‽"

Are you saying the FCC is not ultimately responsible for work done on its behalf by those it hires?

1
0

Um

Whilst the file size is a bit surprising, though maybe not, it's really what happens to the files after they are uploaded that's the key. Every single government department I have ever worked with allows you to upload files, and of any type, remember just because the file says it's a PDF, doesn't mean it actually is. In every case uploaded files are triaged to make sure they are what they say they are, quarantine what's suspicious and store the rest, which in some cases might actually be a virus, one man's virus is another man's data. Mind you, if the FCC doesn't do this, then they deserve everything they get, but somehow I suspect they do. Remember a Windows virus is useless on Unix or non-Intel system, and content systems don't tend to execute uploaded files as they are data to it.

0
0
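
The triage step described in the comment above (check that an upload is what it claims to be, quarantine what is suspicious, store the rest), as an added example that is not part of the thread or of any FCC system. The allowlist, the signature table and the function names are assumptions made for illustration; the 25MB limit is the figure quoted in the thread.

```python
import pathlib

MAX_BYTES = 25 * 1024 * 1024  # upload limit quoted in the thread

# Leading bytes ("magic numbers") for a small allowlist of document types.
# Which types a comment system accepts is an assumption of this example.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".docx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
}
# Headers of directly executable content: Windows PE, ELF, script shebang.
EXECUTABLE = [b"MZ", b"\x7fELF", b"#!"]


def triage(filename: str, data: bytes) -> tuple[str, str]:
    """Return (decision, reason); decision is 'store', 'quarantine' or 'reject'."""
    if len(data) > MAX_BYTES:
        return "reject", "larger than upload limit"
    # Only the final suffix counts, so 'a.pdf.exe' is judged as '.exe'.
    ext = pathlib.PurePosixPath(filename.replace("\\", "/")).suffix.lower()
    if ext not in SIGNATURES:
        return "reject", f"extension {ext or '(none)'} not on allowlist"
    if any(data.startswith(sig) for sig in EXECUTABLE):
        return "quarantine", "executable header under a document name"
    if not any(data.startswith(sig) for sig in SIGNATURES[ext]):
        return "quarantine", f"content does not match claimed type {ext}"
    return "store", "content matches claimed type"


# Constructed sample uploads (not real submissions).
SAMPLES = [
    ("comment.pdf", b"%PDF-1.4\n1 0 obj\n"),
    ("comment.pdf", b"MZ\x90\x00\x03\x00"),   # PE header renamed to .pdf
    ("letter.docx", b"<html><body>hi</body></html>"),
    ("tool.exe", b"MZ\x90\x00\x03\x00"),
]


def run_samples() -> list[str]:
    return [triage(name, data)[0] for name, data in SAMPLES]


if __name__ == "__main__":
    for (name, data), decision in zip(SAMPLES, run_samples()):
        print(f"{name:12} {decision:10} {triage(name, data)[1]}")
```

A matching header only shows that the claimed type is plausible; it says nothing about whether a well-formed PDF or DOCX carries a malicious payload, so stored files still need scanning and should be served as inert downloads.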
