A government website that may host malicious files greets visitors with a stern warning: Damages may occur, and Miami-Dade County is not liable.
Welcome to the Miami-Dade County Environmental Quality Control Board online records system (click here at your own risk). It’s an http blunderland of potential Macros, Action Scripts, and Java Applets, alright.
If you don’t know what those are, they are small programs that can be embedded in popular file types such as .PDF, .XLS, and .DOC. They can be written to execute when the file is opened, and they are related to the “spear phishing” form of electronic fraud that you may have heard of.
According to security expert Sentinel, malicious code hidden in PDF files can be used to launch Trojan Horse attacks for total system control of your device or computer.
Another potential danger is the same type of attack launched from .XLS and .DOC files, which open in the popular Excel and Microsoft Word programs.
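For readers who download records from a site like this, here is one way to check a file for embedded active content before opening it. This is an added example, not code from the county or from the original article; the `triage` function, the marker list, and the sample bytes are assumptions constructed for illustration, and the check also covers the newer ZIP-based Office formats, which goes beyond the file types named above.

```python
import io
import re
import zipfile

# PDF name objects that trigger or carry active content. Heuristic only:
# names can be hex-escaped or hidden inside compressed object streams.
PDF_ACTIVE = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)(?=[\s/<\[(])")
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # directory entry of a VBA macro project

def triage(data: bytes) -> list[str]:
    """Return indicators of embedded active content found in a downloaded file."""
    if data.startswith(b"%PDF-"):
        names = {m.decode() for m in PDF_ACTIVE.findall(data)}
        return [f"pdf:/{n}" for n in sorted(names)]
    if data.startswith(OLE_MAGIC):
        return ["ole:_VBA_PROJECT"] if VBA_STREAM in data else []
    if data.startswith(b"PK\x03\x04"):
        # Newer Office formats are ZIP archives; macros live in vbaProject.bin.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return [f"ooxml:{n}" for n in z.namelist()
                        if n.endswith("vbaProject.bin")]
        except zipfile.BadZipFile:
            return ["zip:unreadable"]
    return []

# Constructed sample inputs (not real documents from any site).
SAMPLE_PDF_ACTIVE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /JavaScript /JS (constructed) >>\nendobj\n"
)
SAMPLE_PDF_PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_OLE_MACRO = OLE_MAGIC + b"\x00" * 16 + VBA_STREAM

def sample_docm() -> bytes:
    """Build a constructed ZIP that mimics a macro-enabled Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in [("active pdf", SAMPLE_PDF_ACTIVE), ("plain pdf", SAMPLE_PDF_PLAIN),
                        ("legacy office", SAMPLE_OLE_MACRO), ("docm", sample_docm())]:
        print(label, triage(blob))
```

An empty result means none of these markers were found, not that the file is safe to open.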
How Can This Be Dangerous?
The Environmental Quality Control Board is in charge of hearing requests for time extensions for adhering to Environmental Protection codes.
These codes determine the prevailing standards of protection we have set in place for the environment. These standards affect the construction industry, both residential and commercial, as well as public building of bridges and road construction.
The online record systems are likely to be accessed by a variety of government officials, concerned citizens, and industry insiders, maybe even industry competitors.
That makes for what an online criminal could consider good prey.
If only the site employed basic, industry-standard security protocols, at least accessing the site could be safer.
It is hosted on an Insecure HTTP Network
Anybody who has built any kind of website in the past few years knows that HTTPS is the standard level of security protocol that every site should strive for. Even if you’ve never built a website, the browser on your phone or computer might not even open the webpage without a major security warning. Your browser will probably show a broken lock indicating that the security is lax and that the site should not necessarily be trusted.
This is the first Underwaterville look into this matter, but the story doesn’t end here. Stay tuned.