Business
ATO declines to fix code replay flaw within myGovID – ZDNet
Security researchers advise users to not use the system until it is patched, and given the taxation office’s response, that could be a long time coming.
The default login option for agents used by the Australian Taxation Office (ATO) is vulnerable to a code replay attack, security researchers Ben Frengley and Vanessa Teague said.
Writing in a blog post, the pair described that an attacker could use a malicious login form to capture user details, which the attacker could then use to login into other accounts held by the myGovID user.
The nub of the attack is that when a myGovID user attempts to login into a site, they are asked to input a fou…
-
Noosa News24 hours agoUnlawful wounding charges, Caloundra – Sunshine Coast
-
Business17 hours agoThis artificial intelligence (AI) and “Magnificent Seven” stock will be the next company to surpass a $3 trillion market cap by the end of 2025
-
General18 hours agoFootballers and movie stars: PM’s Shanghai tourism push
-
General15 hours ago‘Hidden and radical’ power of First Nations women unlocked in big hART’s Punkaliyarra project