Posts Tagged ‘Cross Site Scripting’

Social Networks Targeted by Hackers More Often than Government & Law Agencies in ’09

by FireHost Evangelist on August 21st, 2009

This year, social networking sites have become popular targets for cyber crime according to a study of hacking episodes by Web Hacking Incidents Database (WHID). This is a shift from 2008 when government and law enforcement agencies were the most enticing targets.

socialTargets

Security experts believe social networks like Twitter and Facebook are targeted because of the sheer number of users. Defacement is the most common motivation for ego-driven hackers, and these high traffic, high involvement communities are a great way to disrupt many victims at once.

A study by Webroot sheds light on a few other reasons why social networks make a ripe targets for hackers.

  • 36% of social networkers admit they don’t hide personal information
  • 33% admit to using the same password for all of their online accounts
  • 28% accept “friend requests” from strangers

With such a high percent of social networking users being unaware of the dangers, “hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social netowrk has sent them a message – only the message is from a hacker who has hijacked the friend’s account,” warns Mike Kronenberg CTO of Webroot’s Consumer Business division.

(more…)

Tags: , , , ,
Posted in: Security | No Comments »

The Nuisance and Threat of Cross-Site Scripting (XSS)

by FireHost Evangelist on June 5th, 2009

misquito2Recently, Brian Krebs from the Washington Post reported that thousands of insecure websites were identified last year, many of which contained cross-site scripting (XSS) vulnerabilities. The stunning revelation in this report is the sheer number of websites that harbor the cross-site scripting (XSS) vulnerability.

Xssed.com lists nearly 13,000 Web pages that hosted cross-site scripting vulnerabilities, including a large number at trusted and high-traffic Web sites such as yahoo.com, google.com, msn.com, myspace.com and facebook.com, and cnn.com.”

(more…)

Tags: , ,
Posted in: Security | No Comments »

Are you at risk of a cross-site scripting attack?

by FireHost Evangelist on April 28th, 2009

xss-threat3In basic terms, cross-site scripting (XSS) is a popular method of attacking a website’s application vulnerabilities by injecting target websites with malicious code. The goal is typically to embed a program which steals data, leading to credit card or identity theft. During these attacks, affected websites appear perfectly normal to visitors, who continue to use the website as they normally would.

Consider this example:

Mary frequently visits an online shopping website. One day, hackers use a cross-site scripting attack on the website, embedding malicious code. Mary returns to the website and buys a pair of new shoes, unknowingly passing her confidential information to hackers. Before she realizes what happened, someone has stolen her identity and ruined her credit.

Every business owner has more important things to do than mitigate a very public theft of your customer’s personal data, so make securing your customer data a priority today.

Unfortunately for consumers and businesses, many hosting providers don’t take effective measures to prevent cross-site scripting (XSS) attacks on their clients. If your hosting provider doesn’t address cross-site scripting attacks (XSS) properly, your company’s website could easily fall prey to hackers and expose your customer’s personal information.

Security is the primary focus at FireHost. We pride ourselves on providing industry-leading secure hosting, which includes a WAF to prevent cross-site scripting (XSS). This hardware security device stops hackers from exploiting web applications, securing your website, business, and customers from cross-site scripting (XSS) attacks.

To discover more about our secure hosting and prevention of cross-site scripting (XSS), contact a FireHost Agent today.

Tags: , , , , ,
Posted in: Web Hosting | No Comments »