Hackers Prove Website Weaknesses

Tuesday, January 24, 2012 @ 03:01 PM gHale


Once again, it bears repeating, if a hacker targets a specific organization, he will get in. That is what happened with a new hacking group called TeamHav0k, which launched an operation called “#OP XSS” where they try to find cross-site scripting (XSS) vulnerabilities in major websites.

They found them.

RELATED STORIES
Social Media a Fine Tool; Security Disaster
Motivated Hacker Always Gets In
Steel Giant Hacked; Info Leaked
Symantec: Hackers got Some Code

A Pastebin document showed sites such Verizon, Huffington Post, European Organization for Nuclear Research (CERN), Electronic Arts (EA), IGN and The New York Times contain design flaws.

Some education institutions also contained XSS security holes, including University of Illinois, Harvard, Yale and Rockefeller University.

Telecom company Verizon, media hosting company ImageShack, value calculator and traffic estimator tool StatShow, Major League Gaming, and Dr Pepper complete the list.

Even though XSS vulnerabilities are among the most common ones found in commercial websites, this doesn’t mean they’re not dangerous. Cyber criminals can rely on these weaknesses to execute their own malicious codes and cause damage to the virtual assets of Internet users.

Fortunately, some web browsers protect their customers against these attacks. For instance, Internet Explorer 8 and Internet Explorer 9 display a warning message to reveal a modified page to prevent cross-site scripting.

Google Chrome also mitigates the attack, but Opera and Mozilla Firefox fail to do so, leaving their users exposed.

As a word of caution, websites need to continuously work to secure their domains against these common flaws. Because of the large numbers of visitors they have each day, hackers could end up using them for malicious purposes.



Leave a Reply

You must be logged in to post a comment.