Hackers exploit poor website code

Web designers making very old mistakes are letting malicious hackers hijack visitors to their sites, say experts. Many of the loopholes left in the code created for websites have been known about for almost a decade say the security researchers. The poor practices are proving very attractive to hi-tech criminals looking for a ready source of victims.

According to Symantec the number of sites vulnerable in this way almost doubled during the last half of 2007.

Kevin Hogan, director of security operations at Symantec, said the bug-ridden web code was putting visitors to many entirely innocent sites at risk. "It overturns the whole notion that if you stay away from gambling and porn sites you are okay," he said. The attack that a malicious hacker can carry out via these web code vulnerabilities is known as cross-site scripting (abbreviated as XSS).

View: BBC News

Report a problem with article
Previous Story

Two held over undersea cable damage

Next Story

Google, Salesforce Tie Up With Apps

8 Comments

Commenting is disabled on this article.

When were porn or gambling sites dangerous?

Who the hell ever told someone that "if you want to be safe, stay away from those evil porn and gambling sites!" ??

Lazy and ignorant people are un-safe. It doesn't matter what kind of sites they visit.

"It overturns the whole notion that if you stay away from gambling and porn sites you are okay,"

Ahhh, Symantec at their finest. Only a moron thinks that every site that's not porn or gambling is safe.

Seriously, how do these people get jobs????

(C_Guy said @ #3)
"It overturns the whole notion that if you stay away from gambling and porn sites you are okay,"

Ahhh, Symantec at their finest. Only a moron thinks that every site that's not porn or gambling is safe.

Seriously, how do these people get jobs????

I wonder if it was just an attempt by a religious group trying to get their message across.

Obviously visiting any gambling, porn, or abortion-related sites will destroy your computer. God does this because you deserve punishment for your wicked ways.

XSS attacks are neutered by Firefox + NoScript. Of course if trusted sites are affected by shoddy coding, then no browser (IE 7 Protected Mode?) can save you.