Sign in / up

back to article US court system bug opened hole for hackers to scoop up legal docs for free on victims' dime

A cross-site forgery vulnerability in the American court system's document archive PACER has been fixed. The bug could have been exploited to hijack accounts and retrieve civil and criminal lawsuit files on victims' dime. PACER, run by the Administrative Office of the US Courts, is a massive searchable trove of records, …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Facepalm

    Cross-site forgery vulnerabilities are still a thing

    Do you think the people who invented cross-site scripting (XSS), javascript, cookies ever stopped to think about how this would impact web security. XSS designed to inject web-adverts into your browser from some third party site, like double-click. Javascript designed to make websites dynamic. Cookies used for web authentication. Does this flaw work on anything else except Microsoft Windows. I don't think so, cause it would have been mentioned by now.

    2 4 Reply
    1. phuzz Silver badge
      Reply Icon
      FAIL

      Re: Cross-site forgery vulnerabilities are still a thing

      It's OS independent.

      What they're doing is effectively making use of of the client's cookies (and the client can be running any OS and any web browser that stores cookies, ie all of them), using them to make requests to the server (which in this case is using apache, so probably running on linux).

      2 0 Reply
  2. John Smith 19 Gold badge
    Unhappy

    Good to know the UK legal system is immune to this sort of attack

    And while the SoA in comms is the faxed page they always will be.

    1 1 Reply
  3. Adam 1

    Is that why ...

    ... they needed Hutchins for the weekend?

    0 0 Reply
  4. Pascal Monett Silver badge

    The flaw exists since the 90's

    Is there absolutely no chance that anyone has had their filings perturbed by this ?

    Maybe not, but are we sure ?

    0 0 Reply
  5. nickx89

    Something positive.

    It's positive that they fixed the vulnerability before potential attack. This forward approach should be adopted by everyone.

    0 0 Reply
  6. Daedalus

    It's Federal

    This just affects the Federal courts, so if you got a speeding ticket in Podunk, Iowa, you're OK. Likewise Charles Manson's details in the California system are safe.

    Things that don't actually exist whatever the rest of the world thinks:

    The American Justice System.

    The American Education System.

    The American Health Care System (but they're working on it...)

    0 1 Reply
  7. Stevie Silver badge

    Bah!

    Get Rid Of Useless Javascript Now!

    0 2 Reply
  8. kain preacher

    Just to let you know not every thing on PACER cost. Its up to the court to decide. Most of the stuff the 9th district post is free.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like