By Thomas Claburn
October 31, 2008 05:05 PM

The Defense Intelligence Agency Web site, until earlier this week,
exposed job applicants to potential privacy and security risks because

While there's no evidence that the site leaked personal information, the
Statcounter.com server in Ireland provided a weak link in the security
chain that could have been exploited to provide potentially valuable
foreign intelligence about future DIA personnel.

Security researcher Bipin Gautam sent an e-mail to the Full Disclosure
security mailing list earlier this week outlining his concerns.

In a follow-up e-mail to InformationWeek, he explained the issue. "If a
advertisement scripts, [or] banners called from third-party servers, the
Web site is at risk of having to rely on the third party as well for
overall security assurance of its Web site," he said.