
If that's the case, they are being sloppy, considering that everything under www.google.com is proxied through their servers, not just specific reCAPTCHA assets.

Gmail by NSA: https://captcha.nsa.gov/intl/us/gmail/about/

They're inheriting a considerable part of Google's attack surface. For example, Google's open redirects could be used to bypass origin checks as part of an attack on nsa.gov, or to phish NSA employees.
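
The scoping problem raised in the comment above, as an added example (not part of the thread, and not NSA's or Google's code): a proxy that forwards only an allowlist of upstream paths and relays upstream redirects only when they stay inside that allowlist. The `/recaptcha/` prefix and all function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

UPSTREAM_HOST = "www.google.com"      # host named in the thread
ALLOWED_PREFIXES = ("/recaptcha/",)   # assumption: the only paths the widget needs


def normalize_path(raw_path):
    """Decode and collapse dot segments; return None for anything ambiguous."""
    path = unquote(raw_path)
    # Reject leftover escapes (double encoding), backslashes and NUL bytes.
    if not path.startswith("/") or any(c in path for c in "%\\\x00"):
        return None
    norm = posixpath.normpath(path)
    if norm.startswith("//"):         # normpath keeps a leading double slash
        return None
    return norm + "/" if path.endswith("/") and norm != "/" else norm


def should_proxy(request_target):
    """True only for origin-form targets that stay inside the allowlist."""
    parts = urlsplit(request_target)
    if parts.scheme or parts.netloc:  # absolute or scheme-relative target
        return False
    path = normalize_path(parts.path)
    return path is not None and path.startswith(ALLOWED_PREFIXES)


def redirect_allowed(location):
    """Relay an upstream Location header only if it stays on host and allowlist."""
    parts = urlsplit(location)
    if parts.scheme or parts.netloc:
        if parts.scheme != "https" or parts.hostname != UPSTREAM_HOST:
            return False
    path = normalize_path(parts.path)
    return path is not None and path.startswith(ALLOWED_PREFIXES)


if __name__ == "__main__":
    # Paths from the thread plus one constructed traversal case.
    for target in ("/recaptcha/api.js",
                   "/intl/us/gmail/about/",
                   "/logos/2019/loteria/rc2/loteria19.html",
                   "/recaptcha/%2e%2e/intl/us/gmail/about/"):
        print(target, "->", "proxy" if should_proxy(target) else "deny")
```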




For me (in Sweden) that URL seems to just redirect to https://www.nsa.gov/?hl=en ...


They appear to have changed something in the past few minutes. When I first opened this HN thread it showed me Google's homepage. Now I'm also seeing that redirect.


You can just replace captcha.nsa.gov with www.google.com to see what it used to serve up: https://www.google.com/logos/2019/loteria/rc2/loteria19.html...


NSA has just shut down the proxy. The link was a Google Doodles game.


Somebody possibly got written up for this.


NBD... Just a quick test in PROD.... ಠ_ಠ


"No no, we just put it out to 'the public', that's BETA, not PROD..." -- some startup guy at the NSA...



