Listen, while some of the government knows what they’re doing, a lot of it doesn’t, and there are still some fuck-ups from agencies that are mainly competent. Don’t think that even big boy agencies like CIA or FBI don’t fuck up or that you should listen to them 100%. Don’t be playing these appeal-to-authority fallacies on me. The US Government loves to ignore people (or, well, it may just be me) when you report computer bugs or flaws to them. I’ve found and reported bugs as well as vulnerabilities to CIA, FBI, and DoJ. Guess what, they all left me on read. The EGO these people have…smh. Anyway, here’s a list of bugs and vulnerabilities I found:
CIA: Extra space in a job posting and I think a misspelled word too, but they never fixed it or got back to me. Well, this one was a noisy report anyway. Two CIA servers that were vulnerable to some OpenSSH n-days regarding LPE. I mean, they were post-auth, but guess what, they still ignored me, but I think I recall them fixing this.
FBI: They had an externally facing website called atlas that accepted fed PKI authentication (like the military’s CAD system) or just a username/password combo. I reported this to them and they stopped showing it externally a few days later, but they still left me on read smh.
DOJ: A hyperlink in a report about DPRK’s APT recent TTPs included a hyperlink to a North Korean website instead of the website it was supposed to link to (.gov site). I reported this, but they never replied and didn’t re-issue it with a correction. One press release about an old Xbox Underground hacker had an improper hyperlink that just linked to the file path of the document, like file://C://Users/Emily/Documents/Justin_Beiber_PR.pdf. I actually found a second time that they did this, but they never fixed it and left me on read. THE NERVE.
TL;DR: The US Government loves leaving people on read and ignoring reports, but it’s ok, I still lowkey love you <3.