Amazon patches nasty cross-site scripting (XSS) security vulnerability


March 26, 2015

Amazon said this morning that it has patched some critical cross-site scripting (XSS) security vulnerabilities on its platform that exposed customer accounts to hijacking and other security issues.

On his own initiative, a Brazilian hacker using the handle @BruteLogic published the then-zero-day flaw on Saturday, without first tipping off Amazon as he probably should have.

Amazon then talked about the flaws a little over two days later. The window between the flaw's disclosure and the patch was a chance for Amazon accounts to be compromised and web browsers exploited, and unfortunately, that's just what happened.

The hacker's reasoning for full disclosure was that Amazon didn't pay cash for bug bounty reports.

He says the security vulnerability allowed attackers to view Amazon users' credit cards and then to purchase items in their names, provided a victim clicked on a crafted malicious link.

Amazon has been contacted for comment. This isn't the first time we have reported on such an event; it has happened a few times in the past and will most likely happen again in the near future.

Overall, cross-site scripting security vulnerabilities are a persistent and frequent issue on internet assets.

They allow hackers to quietly target victims through vulnerable web applications that do not properly check the input they receive.

To be sure, the Open Web Application Security Project ranks XSS as the third-worst application security problem, behind broken authentication and SQL injection.

"An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way of knowing that the script shouldn't be trusted, and will simply execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page," he added.

This critical security flaw follows Amazon's September blunder, when it reintroduced a hole in its Kindle management page that could have allowed attackers to inject malware into a book's title and commandeer user accounts in a very nasty way.
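
To make the "input not properly checked" and cookie-access points above concrete, here is an added example (not code from Amazon or from this article) showing a user-supplied book title rendered into a page without and with HTML output encoding, plus a session cookie marked HttpOnly so page scripts cannot read it. All function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added illustration: output encoding for an untrusted "book title" field.
// Every name and value here is hypothetical, not Amazon's code.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode for HTML element content and quoted attribute values.
// Not sufficient for script, style or URL contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the title is concatenated into markup unchanged, so any
// markup inside it becomes part of the page.
function renderTitleUnsafe(title) {
  return '<li class="book">' + title + '</li>';
}

// "After": the title is encoded at the point of output, so the browser
// displays it as text instead of parsing it as markup.
function renderTitleSafe(title) {
  return '<li class="book">' + escapeHtml(title) + '</li>';
}

// Defence in depth: HttpOnly keeps the session cookie out of reach of
// document.cookie; Secure and SameSite limit where it is sent.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Simple check used below: does the rendered HTML contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input (harmless marker payload).
const constructedTitle = 'My Book<script>alert(1)</script>';

console.log('unsafe:', renderTitleUnsafe(constructedTitle));
console.log('safe:  ', renderTitleSafe(constructedTitle));
console.log('cookie:', sessionCookieHeader('session', 'abc 123'));
```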
