A Twitter user recently identified and publicly pointed out several vulnerabilities in the Perbadanan Tabung Pendidikan Tinggi Nasional (PTPTN) website. The reported issues included cross-domain misconfigurations, missing anti-CSRF tokens, a missing anti-clickjacking header, and a vulnerable JavaScript library, among other concerns.
However, PTPTN's response took a surprising turn. Replying to the Twitter user's concerns, the PTPTN representative stated, "Referring to this post, PTPTN has examined the content of the post and found that it violates the Communications and Multimedia Act 1998, the Computer Crimes Act 1997, and the Personal Data Protection Act 2010." This unexpected response left many netizens taken aback.
After a period of time, PTPTN removed the initial response and released a revised statement in reply to the tweet: "PTPTN takes note and appreciates your concern regarding the matters raised. All suggestions and views expressed by you will be thoroughly examined and refined by our team promptly."
In the wake of this response, a considerable number of netizens and cybersecurity enthusiasts suggested that government websites undergo penetration tests to ensure better overall security.