27 Jul 2006
Online vandals have hacked the Netscape.com service using a cross-site scripting attack.
The site was recently relaunched as a social bookmarking service. It is generally considered a copy of the popular Digg.com website.
Netscape visitors on Wednesday were presented with pop-up messages, one of which stated: 'This site sucks. Go here instead'. Clicking on the message led users to Digg.com.
The Netscape service allows users to nominate news items that they believe should be featured on the site's front page. The attackers inserted JavaScript code into their submissions to trigger the pop-ups.
Cross-site scripting attacks pose a growing threat to online applications. Earlier this year Google repaired a vulnerability in its Gmail service that caused JavaScript pasted into an email message to be executed.
The vulnerability could have allowed an attacker to gather email addresses from the user's address book or gain full access to an account.
Cross-site scripting attacks are easily prevented by scrubbing submissions for JavaScript and other code, or by preventing all code from being executed.
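The two defences named above, sketched for a front page of user-nominated stories. This is an added example, not Netscape's code: the function names, the sample submissions and the policy string are assumptions, and it neutralises markup by encoding it on output rather than stripping it.

```javascript
// Added example: all names and sample data here are hypothetical.

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only absolute http(s) links. Any other scheme, or a string that
// does not parse as an absolute URL, becomes an inert placeholder.
function safeLink(url) {
  try {
    const parsed = new URL(String(url));
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') return parsed.href;
  } catch (e) { /* not a valid absolute URL */ }
  return '#';
}

// Render one nominated story; every user-supplied field is encoded.
function renderStory(story) {
  return '<li><a href="' + escapeHtml(safeLink(story.url)) + '">' +
         escapeHtml(story.title) + '</a></li>';
}

function renderFrontPage(items) {
  return '<ul>' + items.map(renderStory).join('') + '</ul>';
}

// Second layer ("preventing all code from being executed"): a response
// header that allows scripts only from the site's own origin. Without
// 'unsafe-inline', the browser refuses inline <script> blocks and
// inline event handlers even if markup slips through.
const CSP_HEADER = ['Content-Security-Policy',
  "default-src 'self'; script-src 'self'; object-src 'none'"];

// Constructed sample submissions, including two with embedded script.
const submissions = [
  { title: 'Browser market share report', url: 'https://example.com/report' },
  { title: "<script>alert('This site sucks')</script>", url: 'https://example.com/a' },
  { title: 'Click me', url: 'javascript:alert(1)' },
];

console.log(renderFrontPage(submissions));
console.log(CSP_HEADER.join(': '));
```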