We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Media website exploits posted online

Web designers lack security training

Hackers have posted XSS (cross-site scripting) flaws from a number of high-profile media sites on a public message board, along with proof-of-concept code demonstrating how to exploit the flaws.

The posts follow media coverage last week of the 'Sla.ckers' messageboard, where users – who include software researchers and developers – began publicly posting exploit code for XSS flaws they'd found in high-profile websites such as MySpace, Photobucket and Dell and HP's sites.

Following the publicity, list users began paying closer attention to media sites, and posted flaws for the websites of Dark Reading, Fox News, The Independent, SC Magazine, ZDNet UK and others.

Dark Reading senior editor Kelly Jackson Higgins said the site was fixed shortly after the problem was reported. "We got the message loud and clear: don't assume you're immune to XSS vulnerabilities. They're everywhere," she wrote on the site.

XSS bugs have now overtaken buffer overflows as the top attack vector, according to US government researchers. Other research has confirmed that the focus for both attackers and the more benign folk of the Sla.ckers list has moved to web-based applications and systems.

This is partly because the more traditional vectors have become more difficult to exploit, and partly because websites, services and applications are relatively unprotected. Security experts have noted that most web designers don't have much security training, and that web vulnerabilities are quite common.

IDG UK Sites

Best Black Friday 2014 tech deals UK: Get bargains on phones, tablets, laptops and more this Black...

IDG UK Sites

Tomorrow's World today (or next year)

IDG UK Sites

25 iOS apps turn (Red) for World AIDS Day campaign

IDG UK Sites

Advanced tips for Mac OS X Yosemite: use Yosemite like an expert - 5 new tips added