A relatively new hacking collective, TeamHav0k, has launched an operation called “#OP XSS” in which its members try to find cross-site scripting (XSS) vulnerabilities in major websites. The first results of the operation are in, and it turns out that a lot of important sites contain the flaw the hackers were looking for.
A Pastebin document reveals that websites such as those belonging to Verizon, the Huffington Post, the European Organization for Nuclear Research (CERN), Electronic Arts (EA), IGN and the New York Times contain some design flaws.
Some educational institutions were also found to contain XSS security holes, including the University of Illinois, Harvard, Yale and Rockefeller University.
Telecoms company Verizon, media hosting company ImageShack, value calculator and traffic estimator tool StatShow, Major League Gaming, and Dr Pepper complete the list.
Even though XSS vulnerabilities are among the most common ones found in commercial websites, this doesn’t mean they’re not dangerous. Cybercriminals can rely on these weaknesses to execute their own malicious code and cause damage to the virtual assets of unsuspecting Internet users.
Fortunately, some web browsers protect their users against these attacks. For instance, Internet Explorer 9 displays a warning message to say that it has modified the page to prevent cross-site scripting.
Google Chrome also mitigates the attack, but Opera and Mozilla Firefox fail to do so, leaving their users exposed.
Read more: http://news.softpedia.com/news/Hack...hack-NY-Times-Verizon-Vulnerable-247952.shtml