We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,785 News Articles

Media website exploits posted online

Web designers lack security training

Hackers have posted XSS (cross-site scripting) flaws from a number of high-profile media sites on a public message board, along with proof-of-concept code demonstrating how to exploit the flaws.

The posts follow media coverage last week of the 'Sla.ckers' messageboard, where users – who include software researchers and developers – began publicly posting exploit code for XSS flaws they'd found in high-profile websites such as MySpace, Photobucket and Dell and HP's sites.

Following the publicity, list users began paying closer attention to media sites, and posted flaws for the websites of Dark Reading, Fox News, The Independent, SC Magazine, ZDNet UK and others.

Dark Reading senior editor Kelly Jackson Higgins said the site was fixed shortly after the problem was reported. "We got the message loud and clear: don't assume you're immune to XSS vulnerabilities. They're everywhere," she wrote on the site.

XSS bugs have now overtaken buffer overflows as the top attack vector, according to US government researchers. Other research has confirmed that the focus for both attackers and the more benign folk of the Sla.ckers list has moved to web-based applications and systems.

This is partly because the more traditional vectors have become more difficult to exploit, and partly because websites, services and applications are relatively unprotected. Security experts have noted that most web designers don't have much security training, and that web vulnerabilities are quite common.


IDG UK Sites

3 of the best portable chargers: a solar power charger, a hand-cranked charger, and how to charge...

IDG UK Sites

iOS 8 review: Hands on with the iOS 8 beta

IDG UK Sites

Thinking robots: The philosophy of artificial intelligence and evolving technology

IDG UK Sites

Sharknado 2 VFX: how The Asylum created CG flying man-eating sharks