Hackers Prove EA, IGN, ImageShack, NY Times, Verizon Vulnerable

Status
Not open for further replies.

Jack

Softpedia said:
A relatively new hacking collective, TeamHav0k, launched an operation called “#OP XSS” in which they try to find cross-site scripting (XSS) vulnerabilities in major websites. The first results of the operation came in and it turns out that a lot of important sites contain the flaw the hackers were looking for.

A Pastebin document reveals that websites such as the ones belonging to Verizon, Huffington Post, European Organization for Nuclear Research (CERN), Electronic Arts (EA), IGN and New York Times contain some design flaws.

Some education institutions were also found to contain XSS security holes, including University of Illinois, Harvard, Yale and Rockefeller University.

Telecoms company Verizon, media hosting company ImageShack, value calculator and traffic estimator tool StatShow, Major League Gaming, and Dr Pepper complete the list.

Even though XSS vulnerabilities are among the most common ones found in commercial websites, this doesn’t mean they’re not dangerous. Cybercriminals can rely on these weaknesses to execute their own malicious codes and cause damage to the virtual assets of unsuspecting Internet users.

Fortunately, some web browsers protect their customers against these attacks. For instance, Internet Explorer 9 displays a warning message to reveal that the page is modified to prevent cross-site scripting.

Google Chrome also mitigates the attack, but Opera and Mozilla Firefox fail to do so, leaving their users exposed.

Read more: http://news.softpedia.com/news/Hack...hack-NY-Times-Verizon-Vulnerable-247952.shtml
 

Jack

Well, the good news here is that modern web browsers should be able to stop an XSS attack... nevertheless, these vulnerabilities need to be fixed.
Have to wonder why the hackers reported the vulnerabilities instead of actually exploiting them...?
 

Prorootect

Jack, because these hackers are 'Ethical hackers'.

Look here:
XSS Vulnerability found in MSN and Myspace by Ethical Hackers Vansh &Vaibhuv: by Ehackingnews.com: http://www.ehackingnews.com/2012/01/xss-vulnerability-found-in-msn-and.html

Quote:
'Ethical Hacker Vansh Sharma and his brother Vaibhuv Sharma discovered a Reflected XSS vulnerability in MSN and MySpace sites. Recently, he discovered XSS Vulnerability in ehackingnews and google apps sites.'

Then look here:
XSS Vulnerability found in google Apps by Vansh sharma: http://www.ehackingnews.com/2012/01/xss-vulnerability-found-in-google-apps.html

Quote:
'Ethical Hacker "Vansh sharma" and his brother(Vaibhuv sharma) found a reflected XSS vulnerability in Google apps site.'

'They have informed to google about the vulnerability.' - because they are 'Ethical', OK? ;)
 

HeffeD

Google Chrome also mitigates the attack, but Opera and Mozilla Firefox fail to do so, leaving their users exposed.

Firefox users can use the AdBlock Plus, NoScript, or RequestPolicy extensions to protect themselves from XSS attacks.
 

jamescv7

Mozilla Firefox does not have strong security features built in, so with the power of famous add-ons its users are surely protected against attacks. The same goes for Opera, since some add-ons can function to mitigate XSS attacks.
 