Vulnerabilities on eBay.co.uk May Attract Cyber Criminals

A security researcher nicknamed "Methodman" highlighted certain severe security flaws affecting the website eBay.co.uk, as reported by xssed.com on April 3, 2009.

The first on the list is a cross-site scripting vulnerability, which arises from poor security validation and allows malicious code to be injected into the webpage. Cyber criminals can use it to inject JavaScript that redirects users to eBay scam pages, tricking them into falling for phishing. Scammers can exploit the same JavaScript code to spread malware by means of clickjacking. Clickjacking is a malicious way to trick web users into disclosing their sensitive information or, in certain instances, to gain access to a user's system while the user is visiting an apparently safe webpage, stated Methodman.

Secondly, the same flaw can also be exploited to steal session cookies. This means that if a scammer is able to obtain these tiny strips of data, which are stored in the user's web browser and contain the user's settings, the scammer can act as the genuine user and perform online transactions in that user's name.

Moreover, an attacker can also abuse a "directory traversal" vulnerability, which arises from inadequate security validation, i.e. sanitizing of user-supplied input. Giving the details of this particular vulnerability, Methodman stated that attackers use this attack to go through files on Internet servers, such as password files and SSL private keys.

Methodman partly marked the links of the vulnerable webpages in the screenshots the researcher furnished to eBay, in order to make clear to the site which webpages are problematic and can be exploited to launch malware attacks.

SPAMfighter News - 4/10/2009



