Pixel Envy

Written by Nick Heer.

The FCC’s Website Was Accepting Uploads of Virtually Any File Type

You might have already seen this amazing PDF that appeared earlier tonight on fcc.gov:

Dear American citizenry,

We’re sorry Ajit Pai is such a filthy spineless cuck.

Sincerely,

The FCC

That’s it. That’s the whole statement, with the exception of some FCC-like letterhead. It looks pretty much like an authentic FCC document, and it’s hosted on fcc.gov, so why would you doubt its authenticity? Aside from, you know, how obviously ridiculous it is.

Guise Bule explains:

Somewhat incredibly I am the first tech writer on the planet to break this story, but even more incredibly the FCC lets you upload any file to their website and make that file publicly accessible using the FCC.gov domain.

[…]

People seem to be experimenting with uploading different filetypes; so far they have managed pdf/gif/ELF/exe/mp4 files up to 25MB in size, which means that you could easily host malware on the FCC.gov website right now and use it in phishing campaigns that link to malware on a .gov website.

For years, we’ve been helping our family members navigate dangers on the web by pointing out things like the HTTPS icon in a browser, so they can be more certain that what they’re downloading or interacting with is legitimate. And what could be more legitimate than a .gov domain with an SSL certificate?
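The mix of uploads Bule lists (pdf/gif/ELF/exe/mp4, up to 25MB) is what a default-deny content check on the receiving server refuses. The check below is an added example, not code from the FCC, from Bule's article or from this post; the function names, the PDF-only policy and the sample bytes are assumptions.

```python
# Added example: server-side allowlist check for an upload endpoint.
# Function names, the PDF-only policy and the samples are assumptions.
import os

MAX_BYTES = 25 * 1024 * 1024  # the size reported as accepted, used here as the cap


def sniff_type(data: bytes) -> str:
    """Identify a file by its leading bytes, ignoring its name and client MIME type."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if data.startswith(b"\x7fELF"):
        return "elf"
    if data.startswith(b"MZ"):          # DOS/PE executable header
        return "exe"
    if data[4:8] == b"ftyp":            # ISO base media (mp4) box type
        return "mp4"
    return "unknown"


def validate_upload(filename: str, data: bytes, allowed=frozenset({"pdf"})):
    """Return (accepted, reason). Anything not on the allowlist is refused."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    kind = sniff_type(data)
    if kind not in allowed:
        return False, f"content type '{kind}' not allowed"
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext != kind:
        return False, f"extension '.{ext}' does not match content '{kind}'"
    return True, "ok"


# Constructed sample uploads (leading bytes only, not real files).
SAMPLES = [
    ("comment.pdf", b"%PDF-1.4\n"),
    ("statement.pdf", b"MZ\x90\x00" + b"\x00" * 60),  # PE header named .pdf
    ("tool", b"\x7fELF\x02\x01\x01"),
    ("clip.mp4", b"\x00\x00\x00\x18ftypmp42"),
    ("notes.pdf.gif", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, validate_upload(name, body))
```

A leading-bytes match is only a first filter: a file can carry a valid PDF header and still be hostile, so it does not replace scanning or review of what gets published.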