We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Media website exploits posted online

Web designers lack security training

Hackers have posted XSS (cross-site scripting) flaws from a number of high-profile media sites on a public message board, along with proof-of-concept code demonstrating how to exploit the flaws.

The posts follow media coverage last week of the 'Sla.ckers' messageboard, where users – who include software researchers and developers – began publicly posting exploit code for XSS flaws they'd found in high-profile websites such as MySpace, Photobucket and Dell and HP's sites.

Following the publicity, list users began paying closer attention to media sites, and posted flaws for the websites of Dark Reading, Fox News, The Independent, SC Magazine, ZDNet UK and others.

Dark Reading senior editor Kelly Jackson Higgins said the site was fixed shortly after the problem was reported. "We got the message loud and clear: don't assume you're immune to XSS vulnerabilities. They're everywhere," she wrote on the site.

XSS bugs have now overtaken buffer overflows as the top attack vector, according to US government researchers. Other research has confirmed that the focus for both attackers and the more benign folk of the Sla.ckers list has moved to web-based applications and systems.

This is partly because the more traditional vectors have become more difficult to exploit, and partly because websites, services and applications are relatively unprotected. Security experts have noted that most web designers don't have much security training, and that web vulnerabilities are quite common.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite