8th September 2017, By Mark Wycislik-Wilson
A security researcher discovered two serious flaws on the HMRC tax website which could have allowed attackers to view, or even edit, tax records. But the researcher, Zemnmez, was astonished not only by the flaws, but also at how hard it was to report them.
In a lengthy blog post entitled “how to hack the uk tax system, i guess,” Zemnmez gives details of his findings. He also reveals that it took no fewer than 57 days to successfully report the issues so they could be looked into.
Zemnmez is not new to finding bugs and security issues on websites, and his report makes for interesting reading. He found that the login page for the HMRC tax site uses a simple redirect that can be easily exploited. It meant that a malicious URL could use the tax site login page to send login information to another site.
Full Article.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico