3,800 Vulnerabilities Detected In FAA’s Web Apps
ausekilis sends us to DarkReading for the news that auditors have identified thousands of vulnerabilities in the FAA’s Web-based air traffic control applications — 763 of them high-risk. Here is the report on the Department of Transportation site (PDF). “And the FAA’s Air Traffic Organization, which heads up ATC operations, received more than 800 security incident alerts in fiscal 2008, but still had not fixed 17 percent of the flaws that caused them, ‘including critical incidents in which hackers may have taken over control of ATO computers,’ the report says. … While the number of serious flaws in the FAA’s apps appears to be staggering, Jeremiah Grossman, CTO of WhiteHat Security, says the rate is actually in line with the average number of bugs his security firm finds in most Web applications. … Auditors were able to hack their way through the Web apps to get to data on the Web application and ATC servers, including the FAA’s Traffic Flow Management Infrastructure system, Juneau Aviation Weather System, and the Albuquerque Air Traffic Control Tower. They also were able to gain entry into an ATC system that monitors power, according to the report. Another vulnerability in the FAA’s Traffic Flow Management Infrastructure leaves related applications open to malware injection.”