Spammers Abusing Trust in US .Gov Domains (opens in new tab)

(krebsonsecurity.com)

22 pointsKhol10y ago4 comments

4 comments

4 comments · 2 top-level

Someone123410y ago· 2 in thread

Bit.ly could follow the links, see if they redirect, and if they do then don't flag them as ".gov" if they don't terminate on a ".gov" site.

Ultimately however it would be better to eliminate these insecure redirects because even without bit.ly spammers can use .gov websites to make their link seem more legitimate.

duskwuff10y ago

Or a step further: don't use the usa.gov URLs for any link that appears to contain an embedded URL (e.g, contains "http://" or "https://").

Artur_Gaspar10y ago

It's not hard to not redirect bit.ly but redirect victims that click the link.

Some .gov sites need the redirect for whatever reason, but they could check the referer.

nateabele10y ago

This is clearly a public safety issue. Private industry should set up a licensing board that regulates government use of technology, contingent on some demonstration of competence.

j / k navigate · click thread line to collapse