Computer Network Technology

Web News, Technology, Science, etc

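Network technology is a new technology that has developed since the mid-1990s. It merges the scattered resources on the Internet into an organic whole, enabling full sharing and organic collaboration of resources, so that people can transparently use the overall capability of those resources and obtain information on demand.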

IT Computer Information Network Security Technology:

New York Times Articles Before 2013 May Be Vulnerable to XSS Attack

 

New York Times article pages dated before 2013 may suffer from an XSS (cross-site scripting) vulnerability, according to a report posted by security researcher Wang Jing. Wang is a mathematics Ph.D. student at the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore. He published his discovery on the well-known security mailing list Full Disclosure.

 

According to Wang, all pages before 2013 that contain buttons such as “PRINT”, “SINGLE PAGE”, “Page” and “NEXT PAGE” are affected by the XSS vulnerability. The researcher also published a proof-of-concept video to demonstrate the existence of the XSS flaw.

 

As of yet, there are no known cases of criminals exploiting the Times’ XSS issue to attack users. However, according to Wang, the threat is possible, and the New York Times has a big enough audience that an XSS attack, even via its older articles, could still affect a large number of users. The affected New York Times articles are still indexed by Google's search engine and are still frequently hyperlinked in other articles.

 

However, according to the researcher, the New York Times now has a much safer mechanism, implemented sometime in 2013, that sanitizes all URLs sent to its server.

 

Cross-site scripting (XSS) vulnerabilities usually reside in web applications and can be used by attackers to modify the normal flow of a web page. A cybercriminal can easily use one to perform URL redirection, mine a victim’s browser details, hijack sessions, phish, or even steal cookies.
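The difference between reflecting a request URL into a page and sanitizing it first, as described in the two paragraphs above, shown as an added example that is not code from the New York Times or from the researcher's report. It assumes, hypothetically, that a pagination link is built from the request path; the function names, the `page` parameter and the sample input are constructed.

```javascript
// Added illustration: markup, names and sample input are constructed,
// not taken from nytimes.com or from the researcher's report.

// Output encoding: neutralise characters that can break out of an
// HTML attribute or text node.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak pattern: the raw request path is concatenated into an href, so a
// quote in the URL closes the attribute and the rest is parsed as markup.
function renderNextPageUnsafe(requestPath) {
  return `<a href="${requestPath}?page=2">NEXT PAGE</a>`;
}

// Input check (assumed policy): article paths contain only these characters.
const SAFE_PATH = /^\/[A-Za-z0-9\/._-]*$/;

// Hardened pattern: reject unexpected paths, then still encode on output
// so the link stays safe even if the allowlist is loosened later.
function renderNextPageSafe(requestPath) {
  const path = SAFE_PATH.test(requestPath) ? requestPath : "/";
  return `<a href="${escapeHtml(path)}?page=2">NEXT PAGE</a>`;
}

// Constructed inputs: a normal article path and one carrying harmless
// markup that would be injected if reflected unencoded.
const NORMAL = "/2012/01/01/world/story.html";
const TAINTED = NORMAL + '"><b>injected</b>';

// Returns true when the constructed marker survives as live markup.
function markupInjected(html) {
  return html.includes("<b>injected</b>");
}

console.log(renderNextPageUnsafe(TAINTED));
console.log(renderNextPageSafe(TAINTED));
console.log(renderNextPageSafe(NORMAL));
```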

 

XSS issues are not entirely uncommon. So far we have seen that Google, Amazon, Yahoo, Microsoft and Facebook have all had this kind of issue reported.

 
 



 


  

