Hackers Sift Gaming, Social Networking Sites for Victims

Insecurely written software still looms as one of the greatest threats to Internet commerce, and user-generated Web content is becoming a vast new vulnerability hackers want to exploit, according to experts at RSA Conference. Cross-site scripting attacks on Web sites can lead to malware taking over the browsers of machines that use the sites, said Caleb Sima, a member of the Secure Software Forum and co-founder of SPI Dynamics. "If you're a business where users browse the Web [legitimately] and hackers take over a browser, they can use it as a tool to look at the internal network and send data outside the network," Sima said.

Similarly, this can lead to hackers stealing from individual users, he said. For instance, once a browser is commandeered, a hacker can learn passwords and activities an individual uses on the Internet. "They can go to stocktrader.com and trade your stock while you're logged in. It will do it and you won't know it," Sima said. Gaming sites and social networking sites are ripe for attacks because they have such large numbers of users who are routinely sending content to and from the sites. "If [hackers] find a vulnerability in a site, they can broadcast phishing attacks. They'll have millions and millions of victims available," he said.

View: The full story
News source: PCWorld

Report a problem with article
Next Article

Firefox popup exploit allows file snooping

Previous Article

Symantec Spots Exploit for Excel Zero-Day Flaw

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment