Email Isn’t the Only Place You Should be Cautious of File Links
This article is from arsTechnica. At the beginning of the month, The FCC was found to have a bug in its comment system API that allows users to add files, pictures, or anything else they would like to upload to the FCC’s site (yes literally anything can be uploaded) given that it does not exceed 25MB in size. While this can be used in a non-malicious manner, it can also be used to upload malware or official looking documents for phishing.
This problem looks to have multiple parties to blame. There is firstly the API’s programmer who if they had just limited the kinds of file types or put some other kind of limits on the API could have nipped this one in the bud. The FCC’s web team or person also gets some flack for failing to properly screen commenting APIs before implementing one in which case they should have been able to implement limitations to make up for the API’s lack of them.
Both parties, The API’s developer(s) and the FCC’s web developers I believe both failed to do their jobs properly but now that this issue has managed to slip past everyone who should have caught it and been discovered and publicized, the biggest thing is what the FCC’s response will be and how fast they are to take care of the problem. Mistakes will always happen, that is a given, but if they are not addressed well and in a timely manner is when they can get to be a REALLY big problem.
The last thing to note is that because people can be uploading anything they want, you should be very careful not to click on files and other things on websites unless you know what the document, link, or whatever else it may be is.
Article Link: https://arstechnica.com/information-technology/2017/08/fccs-public-comment-api-lets-you-post-just-about-anything-to-gov-website/