All the latest UK technology news, reviews and analysis
|
|
|
05 Jan 2010
Security experts are warning web site administrators to be more alert to the dangers of cross site scripting (XSS) attacks after it was revealed that the Spanish EU presidency site and the official site of the Iranian president have been hacked.
Hackers yesterday took advantage of XSS vulnerabilities to compromise the site of the Spanish presidency of the EU, posting a picture of Spanish prime minister lookalike Mr Bean on the site.
Although there appears to have been no malicious intent, the dangers of XSS attacks should not be underestimated, according to Rik Ferguson, senior security advisor at Trend Micro.
"XSS vulnerabilities allow attackers to inject code into innocent web pages in which it would not otherwise appear. This can be used to steal information such as logins or banking credentials, redirect users to malicious web sites or even to directly infect visitors to the site," explained Ferguson in a blog posting.
"The real problem is that many web site admins are unaware of the dangers, and even some security companies continue to underestimate and downplay the importance of XSS vulnerabilities and attacks."
In a separate attack, details of which have yet to fully emerge, the official web site of President Ahmadinejad of Iran appears to have been hacked by parties hostile to the current administration.
According to Ferguson, the site is currently hosting a file called 'owned.txt' at the URL www.ahmadinejad.ir/userfiles/file/owned.txt, which reads:
"Dear God, In 2009 you took my favorite singer - Michael Jackson, my favorite actress - Farrah Fawcett, my favorite actor - Patrick Swayze, my favorite voice - Neda. Please, please, don't forget my favorite politician - Ahmadinejad and my favorite dictator - Khamenei in the year 2010. Thank you."
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Service Manager - Technology Managed Services, Service...
Reporting to the Managing Director, the role of the Client...
Senior Technical Support/ Support Engineer...
Job Purpose To analyse system requirements...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Cybersecurity threats
Very interesting story, and luckily in this case there was no malicious intent. Nonetheless, cybersecurity is an incredibly important issue and needs to be discussed in order to determine best practice procedures for both industry and governments. An upcoming conference in Washington D.C. brings together experts ranging from federal officials to business executives in a debate regarding cybersecurity policy and how to safeguard against exactly these type of attacks. For more information, please visit our website: http://www.stevens.edu/cyberpolicy/
Posted by: Doug 05 Jan 2010