Online vandals have hacked the Netscape.com service using a cross-site scripting attack.
The site was recently relaunched as a social book-marking service. It is generally considered a copy of the popular Digg.com website.
Netscape is generally considered a copy of the popular Digg
Digg fans hack copy-cat Netscape
Netscape.com falls victim to cross-site scripting attack
vnunet.com, 27 Jul 2006
Advertisement
Netscape visitors on Wednesday were presented with pop-up messages, one of which stated: 'This site sucks. Go here instead'. Clicking on the message led users to Digg.com.
The Netscape service allows users to nominate news items that they believe should be featured on the site's front page. The attackers added JavaScript code into their submissions to trigger the pop-ups.
Cross-site scripting attacks form a growing threat for online applications. Google repaired a vulnerability in its Gmail service earlier this year that executed JavaScript pasted into an email message.
The vulnerability could have allowed an attacker to gather email addresses from the user's address book or gain full access to an account.
Cross-site scripting attacks are easily prevented by scrubbing submissions for JavaScript and other code, or by preventing all code from being executed.
Tags:
Further reading
Related whitepapers
Related jobs
Most read stories
Most commented stories
Most watched
Video Review: Sony Ericsson Xperia X1
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
Advertisement
Advertisement
Hiring now on ComputingCareers:
Spotlight
V3.co.uk weekly debrief, 10 July 09
This week Conservative Party plans for decentralised data storage and...
SME tech sales tough despite projected success
Midmarket organisations still tend to rely on manual processes
Secondary navigation
Do you agree?
Have your say on this article