We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Media website exploits posted online

Web designers lack security training

Hackers have posted XSS (cross-site scripting) flaws from a number of high-profile media sites on a public message board, along with proof-of-concept code demonstrating how to exploit the flaws.

The posts follow media coverage last week of the 'Sla.ckers' messageboard, where users – who include software researchers and developers – began publicly posting exploit code for XSS flaws they'd found in high-profile websites such as MySpace, Photobucket and Dell and HP's sites.

Following the publicity, list users began paying closer attention to media sites, and posted flaws for the websites of Dark Reading, Fox News, The Independent, SC Magazine, ZDNet UK and others.

Dark Reading senior editor Kelly Jackson Higgins said the site was fixed shortly after the problem was reported. "We got the message loud and clear: don't assume you're immune to XSS vulnerabilities. They're everywhere," she wrote on the site.

XSS bugs have now overtaken buffer overflows as the top attack vector, according to US government researchers. Other research has confirmed that the focus for both attackers and the more benign folk of the Sla.ckers list has moved to web-based applications and systems.

This is partly because the more traditional vectors have become more difficult to exploit, and partly because websites, services and applications are relatively unprotected. Security experts have noted that most web designers don't have much security training, and that web vulnerabilities are quite common.


IDG UK Sites

Nokia branding killed in place of 'Microsoft Lumia': Windows Phone moves into new era

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should you update your iPhone or iPad to iOS 8? iOS 8.1 brings back Camera Roll, adds Apple Pay in...