Freedom Hacker on Mission

Tuesday, February 28, 2012 @ 01:02 PM gHale

A hacker named Freedom is going around to “secure” websites and finding vulnerabilities with ease.

Yves Saint Laurent (ysl.com), ABC (abc.go.com), and Sky Sports (skysports.com) are just a few of the sites where the hacker found issues.

RELATED STORIES
Hackers Find Global XSS Flaws
XSS Flaw in Skype Shop
Hacker Scopes Royal Navy, The Fed
Amnesty for CA Violations

“The first been ABCGO and this was a very easy XSS issue, the security of the site belongs in the trash can if you ask me,” the hacker told Softpedia.

The vulnerability that affects Sky Sports was easy to find by anyone with basic HTML skills, the hacker said.

Operation Freedom is what the hacker is calling his mission to find security holes on websites that claim they do everything to keep their users safe, also revealed a flaw in the official Yves Saint Laurent online store.

“Every day ppl onling buy products from online stores and these stores make millions on pounds/dollars every year and the user gets told it’s safe and secure shopping online, and here is a very good example of a store online of a very big brand that is well a security risk to people’s information and safety online,” he added.

Freedom identified a couple of vulnerabilities, that were also found by TeamHav0k a few days back, in official sites owned by sportswear manufacturers Puma and Adidas.

All the flaws went to the sites’ owners, but as in many cases, grey hat hackers end up ignored when they contact administrators.

“All of these companies make millions every year and there security is not up to scratch. All of these XSS issues could be abused to use users to commit illegal activities, crimes, if abused in the right way. When I say they where easy, I found all 4 of them in 10 mins. For websites that sell stuff and users use there credit cards on, it’s an abomination,” the hacker said.



Leave a Reply

You must be logged in to post a comment.