Web Hosting News

  Home arrow Web Hosting News arrow Page 3 - More Malware?
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

More Malware?
By: Michael Lowry
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 3

    Table of Contents:
  • More Malware?
  • Robot Zombies
  • The Definition of Hacker Safe
  • More Problems

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article




    More Malware? - The Definition of Hacker Safe

    (Page 3 of 4 )

    According to an article in Information Week, at least “60 Web sites certified to be 'Hacker Safe' by McAffee's ScanAlert service have been vulnerable to cross-site scripting (XSS) attacks over the past year, including the ScanAlert Web site itself.” ScanAlert has since fixed their problem, but other sites are still vulnerable. However, “Joseph Pierini, director of enterprise services for the ScanAlert 'Hacker Safe' program, maintains that XSS vulnerabilities can't be used to hack a server.”

    The problem with Pierini's statement arises when you look at how important the database server actually is to a hacker. It would seem that they would still be able to compromise users with XSS while they do business on the site. As long as the user is transferring sensitive information, a “Hacker Safe” server will be of no consequence.

    Slowing down for a second, cross-site scripting is when malicious hackers are able to inject code into compromised web applications. If exploited properly by a hacker, they will be able to get around certain access controls like the same origin policy, which makes sure scripts are loaded and modified from the same origin. This can be especially useful for hackers in client-side scripts, because they are more likely to offer a user's sensitive information.

    In the article, Oliver Friedrichs, director of Symantec Security Response said that XSS vulnerabilities are dangerous, but they “are site-specific, and therefore their life cycle is limited; they become extinct once they're discovered and repaired by the Web site owners.” The question is, how long will this take? Will ScanAlert notify them or will they have to read it in an article, or worse, hear it from an angry customer?

    He also claims that “XSS vulnerabilities aren't material to a site's certification,” but the ScanAlert web site says that it is part of the certification process; these are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection. It seems also that the compromised web sites were found with the most general XSS vulnerabilities, something that ScanAlert should be able to find.

    Please keep reading to see why one company thinks ScanAlert's methods, and the methods of companies like them, aren't as effective as they could be.

    More Web Hosting News Articles
    More By Michael Lowry


    - FreedomPop Offering Open Wi-Fi Service
    - Go Daddy Goes to India
    - Netelligent, Savvis Add New Canadian Web Hos...
    - World IPv6 Launch Happens Today
    - IT Teams Struggle to Keep Pace with Malware
    - Lulz Security Hacks CIA, Takes Requests
    - Apple Unveils iCloud
    - Rackspace Introduces Cloud Load Balancers
    - Amazon Offers Cloud Drive, Disses Music Indu...
    - New Android.Pjapps Trojan
    - Copyright Fight over Hurt Locker Downloads I...
    - Data Reveals Many Browsers Remain Unpatched
    - PandaLabs Report - What Happens to Stolen In...
    - Safari Books Online Review
    - Hackers Targeting Human Rights Groups

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap