Tuesday, September 22, 2009

White House Website "at The Mercy of CrazyEgg.com"

The White House website may have a significant security flaw, and it hinges on the small company 'CrazyEgg.com'. The problem is that the White House website loads JavaScript code hosted at that site. If CrazyEgg.com is compromised, that code can be replaced with something malicious, which means WhiteHouse.gov is compromised as well.


"The key weakness? The White House website includes a tracking library from cetrk.com. The JavaScript library, created by "CrazyEgg.com", is typically used to produce graphical "heat maps" that show which pages visitors are clicking.
So who is "CrazyEgg"? A cursory review reveals that it appears to be a small company based in La Mirada, CA which markets graphical web analytic tools.
In other words, the security of the White House website hinges on the goodwill and security practices of CrazyEgg.com.

It's an exceedingly poor practice and should be addressed immediately.
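One way to audit a page for this kind of dependency, as an added example that is not part of the original post: the script below lists every `<script>` a page loads from another domain and reports whether it is fetched over HTTPS and pinned with a Subresource Integrity hash. The sample HTML, its paths and the `cdn.example.net` host are constructed for illustration; only the `cetrk.com` domain comes from the post, and the first-party test is a simplified assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample input: paths and the integrity value are placeholders.
SAMPLE_PAGE_URL = "http://www.whitehouse.gov/"
SAMPLE_HTML = """
<html><head>
<script src="/EXAMPLE/site.js"></script>
<script src="http://cetrk.com/EXAMPLE/EXAMPLE.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-EXAMPLEHASH"></script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"].strip(), a.get("integrity")))


def audit_scripts(page_url, html):
    """Return one finding per script served from outside the page's domain."""
    page_host = urlparse(page_url).hostname or ""
    if page_host.startswith("www."):
        page_host = page_host[4:]
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)  # resolves relative and //host/ forms
        parts = urlparse(url)
        host = parts.hostname or ""
        # Assumption: same host or a subdomain of it counts as first-party.
        if host == page_host or host.endswith("." + page_host):
            continue
        findings.append({"host": host, "url": url,
                         "https": parts.scheme == "https",
                         "pinned": bool(integrity)})
    return findings


if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{f['host']}: https={f['https']} pinned={f['pinned']}")
```

A third-party script reported as unpinned will run whatever its host serves, which is the dependency the post describes.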
