IT Security News
02 June 2009
Infestation of Security Bugs Invade British Websites
This week has been very chaotic thanks mostly to the recent rise of high-profile Internet vulnerabilities. Several bugs caused by the gross imprudence and negligence of web developers have found their way into the websites of three major British companies.
The website for the Telegraph and online banking sites for Barclays Group and HSBC have been caught unawares as hackers published screenshots and other details that demonstrated just how susceptible all three sites were to cyber attacks. They all contained bugs and vulnerabilities that could compromise the security of people who visit the properties.
Two days after the XSSed blog first reported a number of cross-site scripting (also known as XSS) errors, the flaws still remained on HSBC's website on Monday afternoon California time. These vulnerabilities allow hackers to insert JavaScript and other content into HSBC pages simply by tricking a user into clicking a specially modified web address.
The XSSed blog further cautioned that cyber criminals can easily take advantage of these security holes by infecting bank customers and site visitors with malware as well as conducting phishing expeditions.
Because of the code flaws and the way the HSBC site was made, XSSed experts are able to overlay their own article and banner onto a browser window displaying, say, the HSBC homepage for Hong Kong clients.
The researchers also commented that Barclays was susceptible to similar vulnerabilities, but as of Monday afternoon, the British conglomerate appears to have gotten its webmasters to fix the problem.
Members of the HackersBlog released details of an SQL injection bug in the main website for the Telegraph around the same time the XSSed report was published. The security hole looked especially troublesome because it exposed vulnerable system files to those who know how to insert database commands into a website address.
Jeremiah Grossman, the CTO of WhiteHat Security (a firm that focuses on web program protection), has surmised that more than two-thirds of sites suffer from at least one XSS bug. Such security holes put them at increased danger of hacker attacks that can expose customer authentication cookies and allow rampant phishing sessions to happen.
Grossman also concludes that 16 of the top 1,000 websites are affected by SQL injection bugs, which occur when web programs fail to sanitize characters entered into search boxes and other fields. This allows hackers to read or even edit database contents by piping commands directly into a site's exposed back end.
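The search-box failure described above, shown beside its fix, as an added example that is not code from the article or from any of the sites it names. The `articles` table, its rows, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        INSERT INTO articles (title, published) VALUES
            ('Budget analysis', 1),
            ('Election results', 1),
            ('Unreleased draft: merger story', 0);
    """)
    return db

def search_vulnerable(db, term):
    # The input is pasted into the SQL text, so a quote character in
    # `term` is parsed as SQL syntax instead of as data.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # The statement text is fixed; the driver binds `term` as a value,
    # so it can never change the structure of the query.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]

# Constructed search input containing a quote and SQL keywords.
CRAFTED = "x' OR published = 0 --"

if __name__ == "__main__":
    db = make_db()
    for fn in (search_vulnerable, search_parameterized):
        print(fn.__name__, "normal :", fn(db, "Budget"))
        print(fn.__name__, "crafted:", fn(db, CRAFTED))
```

With the concatenated query the crafted term rewrites the WHERE clause and returns the unpublished row; with the bound parameter the same term is treated as literal text and matches nothing.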