Cross-site attacks on rise
Social networking sites present greatest danger from scripting threats
Many companies’ web servers and web-based applications are vulnerable to cross-site scripting attacks, according to recent Internet security tests conducted by vendor NTA Monitor.
And a new cross-site scripting method is beginning to appear on social networking sites, blogs and forums.
Any company or organisation allowing its employees access to interactive social websites, blogs and forums while at work could be affected because visitors to these sites may not be aware of the legitimacy of the company that owns the site, says the report.
'Attackers are creating websites in which they embed malicious code to track a visitor’s searches, usernames and passwords. The code can affect a visitor’s PC without their knowledge and can quickly spread to other visitors’ machines,' said NTA Monitor technical director Roy Hills.
'The flaw arises when information submitted by users is not properly stripped of HTML tags, enabling an attacker to embed malicious code on a website and when the site is accessed, the code will execute code in a user’s browser.
'A user may be redirected to a fake website or have their login or user information compromised. In the worst cases, users’ computers can be compromised,' he said.
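The flaw Hills describes, as an added example that is not part of the original article: user-submitted text placed into a page as-is, tag stripping alone, and output encoding at the point of rendering. All function names and sample inputs are constructed for illustration, and the http(s)-only link rule is an assumption.

```javascript
// Added example, not from the article. All inputs below are constructed samples.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of HTML element or
// quoted-attribute context, so submitted markup is displayed, not parsed.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// The flaw described above: submitted text concatenated into the page as-is.
function renderCommentUnsafe(author, body) {
  return `<p class="comment"><b>${author}</b>: ${body}</p>`;
}

// Tag stripping alone: removes <...> runs but leaves quotes untouched,
// so it does not protect values placed inside attributes.
function stripTags(value) {
  return String(value).replace(/<[^>]*>/g, '');
}
function renderProfileStripped(name, homepage) {
  return `<a href="${stripTags(homepage)}">${stripTags(name)}</a>`;
}

// Hardened: encode every submitted value at the point of output.
function renderCommentSafe(author, body) {
  return `<p class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</p>`;
}
function renderProfileSafe(name, homepage) {
  // Assumption: only http(s) links are allowed for profile homepages.
  const href = /^https?:\/\//i.test(homepage) ? homepage : '#';
  return `<a href="${escapeHtml(href)}">${escapeHtml(name)}</a>`;
}

// Constructed sample submissions.
const sampleBody = 'Nice post <script>alert(1)</script>';
const sampleHomepage = 'http://example.test/" onmouseover="alert(1)';

console.log(renderCommentUnsafe('mallory', sampleBody));   // markup reaches the page intact
console.log(renderCommentSafe('mallory', sampleBody));     // markup shown as text
console.log(renderProfileStripped('mallory', sampleHomepage)); // quote closes the href early
console.log(renderProfileSafe('mallory', sampleHomepage));     // quote encoded, stays in href
```

Encoding at output time, per context, is the control to check for in a code review; stripping tags on input leaves attribute values exposed.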