this post was submitted on 03 May 2026
132 points (99.3% liked)

Not The Onion

21439 readers
1598 users here now

Welcome

We're not The Onion! Not affiliated with them in any way! Not operated by them in any way! All the news here is real!

The Rules

Posts must be:

  1. Links to news stories from...
  2. ...credible sources, with...
  3. ...their original headlines, that...
  4. ...would make people who see the headline think, “That has got to be a story from The Onion, America’s Finest News Source.”

Please also avoid duplicates.

Comments and post content must abide by the server rules for Lemmy.world and generally abstain from trollish, bigoted, ableist, or otherwise disruptive behavior that makes this community less fun for everyone.

And that’s basically it!

founded 2 years ago
MODERATORS
kescusay@lemmy.world
132
2025-12-11: Porn Is Being Injected Into Government Websites Via Malicious PDFs (www.404media.co)
submitted 1 week ago by Aatube@kbin.melroy.org to c/nottheonion@lemmy.world
12 comments fedilink hide all child comments
 

The PDF, called “XnXX Video teachers fucking students Video porn Videos free XXX Hamster XnXX com” is unlike many of the other PDFs hosted on the city’s website, which include things like “2025-10-14 Council Minutes,” “Proposed Agenda 9-22-25,” and “Landlord Registration Form (1 & 2 unit dwelling).”

you are viewing a single comment's thread
view the rest of the comments
[–] daychilde@lemmy.world 22 points 1 week ago

So someone can upload a PDF and link to it externally? That's a REALLY dumb design. ANYTHING like that WILL be exploited.

I've been doing web stuff since 1996, and while for professional projects I take security seriously, over the years I've put stuff up - largely "security by obscurity"... it usually flies under the radar, but not always. I remember also somewhere around 2010-2015 I installed a URL shortener so I could create private short URLs. By default, you didn't have to log in to create one, which was convenient. And even though only I used it in places that wouldn't get much attention, it still got found and abused.

Anything widespread or with obvious flaws WILL get compromised and abused. It's a hard lesson to learn, but there's absolutely zero excuse for someone providing services to multiple government agencies to have an open system like that. That's embarassing for them.