Security bugs on MSN and Amazon made public
Angered by the indifferent and irresponsible attitude of Microsoft and Amazon, a security researcher has published details of security flaws on the two companies' websites.
Yash Kadakia, an independent security researcher, discovered these flaws.
According to the researcher, attackers can exploit these flaws to steal cookies and data files, which lets them gain access to accounts on Amazon.com and MSN.com, or to display a fake login page for phishing attacks.
The flaws Kadakia discovered are all cross-site scripting (XSS) errors. Flaws of this kind are considered highly dangerous.
[Image: the MSN security vulnerability as exploited by Kadakia]
However, the researcher's test attacks use a technique called CRLF (Carriage Return Line Feed) injection. This technique can be used in dangerous attacks and has a wider impact.
Kadakia said he reported this security flaw to Microsoft about a year ago. Similarly, the flaw on Amazon.com was discovered in December last year but has not yet been fixed. Over the weekend, the researcher therefore decided to escalate the matter by publishing images of the exploited flaws on his personal website. The move may be aimed at drawing the attention of Microsoft and Amazon to the need to fix these flaws.
[Image: the Amazon security bugs as exploited by Kadakia]
Shortly thereafter, a Microsoft spokesman said the company is investigating the security bug discovered by Kadakia further. Amazon, meanwhile, has made no official comment.
Kadakia, however, said both Amazon and Microsoft are fixing the flaws.
Web security flaws similar to those Kadakia discovered have existed, and been detected, on the Internet for a long time. Hackers, however, paid closer attention to exploiting security flaws in operating systems. Now that flaws in operating systems are increasingly hard to find, hackers have begun looking in new places, including web applications, and more and more web security bugs are being discovered.
Earlier this month, a computer worm attacked Yahoo's web-based e-mail service. Named JS.Yamanner@m, the worm did not cause widespread damage but drew attention to web application security flaws.
The slow response of Microsoft and Amazon shows that web security flaws have not received adequate attention. Security bugs exist on the world's most-visited websites.
Hoang Dung