BetaONE will rise again!


Reply
  #1  
Old 1st Jul 06, 07:30 PM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,940
NewsBot will become famous soon enough
Security Researcher Goes Public with MSN and Amazon Flaws
Frustrated with what he calls a lack of response from Microsoft and Amazon.com, a security researcher has gone public with details of flaws on the two companies' Web sites. The flaws could be used by attackers to steal "cookie" data files that would allow them to access Amazon.com and MSN accounts, or to display a fake login page that could be used in phishing attacks, according to Yash Kadakia, the independent security researcher who discovered the flaws.Although the cross-site scripting flaws he discovered are generally considered to be low-risk problems, Kadakia's attack involves a technique called CRLF (Carriage Return Line Feed) injection, which can be used in a more serious and widespread attack, he said.Kadakia said he first notified Microsoft of the problem about a year ago. But he said he was not taken seriously until late last week, when he posted screen shots of the flaw being exploited on his Web site.The Amazon.com flaw was discovered in December, but after some initial discussions with the Web retailer, the vulnerability remained unpatched, Kadakia said. "The conversations got dropped off somewhere," he said.A spokesman for Microsoft's public relations agency said the flaws were now being investigated. Amazon.com executives were unable to comment for this story.Though Microsoft has made much of its focus on security, the company appears to be slower at dealing with security issues relating to its Web properties than with its software products, said Stefano Zanero, the co-founder and chief technology officer at security consultancy Secure Network SRL. View: Full Article News source: PCWorld Read full story...



News source: Full Story
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump


All times are GMT +1. The time now is 06:06 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.