Wednesday, March 1, 2017

It's Fraud Prevention Month 2017

In Canada, it's Fraud Prevention Month again (this occurs every March).  I'm a bit annoyed to be honest, as some of the work I did last year to sort out the mess in Canada has been undone.  

It appears that between Christmas and now, someone in the Canadian Government rolled back the shared platform code to pre-June 2016 levels, meaning that just like Fraud Prevention Month in 2016, the Federal websites are wide open to a few abuses again.

Example of x-frame vulnerability, on the official "Get Cyber Safe" website.

What a circus!