Wednesday, July 25, 2018

Mischievous posting

A mischievous user posted a redirection link on my Feedback website. When the feedback is displayed, it is redirected to another page, instead of displaying the content.

I found out about this mischief. I have since added a check to stop any redirection instruction in the content field of the feedback in these two websites:

www.tklcloud.com/feedback
www.tklcloud.com/conv
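
One way such a check could look, as an added example that is not the site's own code. The post does not say how the redirect was embedded, so the constructs flagged here (meta refresh, script-capable elements, event-handler attributes, script-scheme URLs) and the names `check_feedback` and `render_feedback` are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Assumed redirect vectors; the post does not say which one was used.
SCRIPT_URL = re.compile(r"^\s*(javascript|data|vbscript):", re.I)
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base", "form"}

class RedirectFinder(HTMLParser):
    """Collects reasons a feedback body could navigate the viewer away."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        attrs = {name: (value or "") for name, value in attrs}
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.reasons.append("meta refresh")
        if tag in ACTIVE_TAGS:
            self.reasons.append(f"<{tag}> element")
        for name, value in attrs.items():
            if name.startswith("on"):
                self.reasons.append(f"event handler {name}")
            elif name in ("href", "src", "action") and SCRIPT_URL.match(value):
                self.reasons.append(f"script URL in {name}")

def check_feedback(content):
    """Return a list of findings; use it to reject or log a submission."""
    finder = RedirectFinder()
    finder.feed(content)
    finder.close()
    return finder.reasons

def render_feedback(content):
    """Escape on output so any markup is shown as text, never interpreted.
    This is the control that holds even if the detection above misses a case."""
    return html.escape(content, quote=True)

# Constructed sample submissions (not taken from the incident).
SAMPLES = [
    "Great service, thank you!",
    '<META HTTP-EQUIV="Refresh" CONTENT="0;url=https://example.invalid/">',
    "<script>location.href='https://example.invalid/'</script>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_feedback(sample) or "clean", "|", render_feedback(sample))
```

The detection is useful for rejecting and logging submissions, but the escaping in `render_feedback` is what keeps a stored entry from redirecting the reader.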

When a vulnerability or mischief is detected, it is possible to take remedial action.

A similar approach can be taken for hacking, such as what has happened with SingHealth. It is useful to share information about how the hacking occurred, so that other websites can prevent this kind of abuse.

I do not believe in maintaining secrecy, which is a common habit in Singapore.



