Open Source U.K. Government Websites Are Vulnerable

According to TechMonitor, hundreds of thousands of websites, including some with UK government domains, that use the open source development tool Git are at risk of having their entire codebase, history and previous code changes stolen by hackers. Cybersecurity platform Defense.com found that 332,000 websites, including 2,500 on UK government domains, had failed to secure the highly sensitive .git folder created by the tool.

Leaving the folder exposed “leaves these businesses vulnerable to exploitation by threat actors and is a serious issue that many affected organisations are unaware of”, the report claims. “Those that are aware are not following cybersecurity best practices and are exposing themselves to a high level of risk.” An update was published by the Git project leaders in April to address a number of security flaws, including a vulnerability affecting users on multi-user machines and another that affected the Git uninstaller, but researchers say the real issue lies with how the tool is being used.

They found that the fault did not actually lie with Git itself, but with Git users failing to follow best practice, for example by leaving hidden .git folders exposed to Google and other search engines.
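The misconfiguration the report describes is usually a web server whose document root is a Git working copy, so the .git folder is served like any other static file. The following nginx configuration is an added example, not from the article or from Defense.com's report: the first server block shows the risky default, the second adds a rule that answers any request touching a .git path (or other dotfiles) with 404. The hostname and document root are placeholders.

```nginx
# Added example (not from the article). Risky server: the site is served
# straight out of a checked-out Git working copy, so /.git/ is reachable.
server {
    listen 80;
    server_name www.example.org;      # placeholder hostname
    root /var/www/site;               # placeholder path; contains .git/
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
    # Nothing here stops a request for /.git/HEAD or /.git/config:
    # nginx serves them as ordinary static files.
}

# Corrected server: any URI containing a .git path segment is answered with
# 404 before the file system is consulted. Regex locations are matched
# before the plain "/" prefix location, so the deny rules win.
server {
    listen 80;
    server_name www.example.org;      # placeholder hostname
    root /var/www/site;               # placeholder path
    index index.html;

    # Match /.git, /.git/..., and /sub/dir/.git/... anywhere in the URI.
    location ~ (^|/)\.git(/|$) {
        return 404;
    }

    # Same treatment for other hidden files (.env, .htpasswd, .svn, ...),
    # with an exception for /.well-known/ which ACME and security.txt need.
    location ~ /\.(?!well-known/) {
        return 404;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Returning 404 rather than `deny all` (which yields 403) avoids confirming to a visitor that the folder exists. The stronger fix is to not ship the repository at all: deploy a `git archive` export or a build artefact instead of a working copy, and keep this rule as defence in depth. After reloading nginx, a request to your own site for `/.git/HEAD` should come back 404; if it returns 200 with a line starting `ref: refs/heads/`, the folder is still exposed.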

Expert Comment

Jake Moore, Cybersecurity Specialist, InfoSec Expert
August 18, 2022 3:06 pm

This threat is particularly dangerous when most web admins will be unaware of the potential damage and consequences. Open source technology allows others to view the source code but these hidden folders make this even more worrying. Searching the internet with a simple understanding of how to look specifically will point hackers in the direction of these folders and offer the ability to exploit them. Once in the files, there could be very sensitive data for anyone to access putting the organisation at risk. Removing Git will erase the problem and keep private data private. Open source technology is excellent but comes with a level of risk that organisations must fully understand and keep on top of. Unfortunately, government sites are not always resourced in the same way as private firms.

Last edited 3 months ago by Jake Moore