Article about XSS vulnerability resulted in NYT’s executing the code

May 5, 2009 - 7:55am | Fraud | News |

| More

Article about XSS vulnerability resulted in NYT’s executing the code

A ReadWriteWeb piece detailed several cross-site scripting (XSS) flaws in the McAfee Web site, caused the New York Times, who picked up the story, to redirect its readers to the ReadWriteWeb site .

XSS vulnerability (definition), a type of Web flaw that can be targeted to steal data in the article displayed on McAfee Web site caused the NYT website readers to be redirected to ReadWriteWeb site. Instead of displaying the sample code, the New York Times executed it as part of the page.

According to Lance James of Secure Science the NYT flaw could allow anyone whose stories get syndicated with the site (or anyone who hacks a story that gets syndicated) to abuse the security hole.

The ReadWriteWeb story's author, Lidija Davis, has changed the story displayed on the site to use a screen shot instead of text, but the NYT is still showing the original story when with the security problem.

Subscribe to Ecommerce Journal RSS feed

Tags keywords: code | New York Times | redirection | security flaw | vulnerability | XSS

0 points

Share this story

What are these?

Comments on Article about XSS vulnerability resulted in NYT’s executing the code

Similar Articles on Ecommerce Journal by sections

Most IT aware users fail to protect themselves against cyber attacks

Breach Security Inc.: SQL injections compromised 500,000 sites in 2008

Printed books are read faster than ebooks

55% of Internet users pay attantion to the security provider of the sites

Applications get less vulnerable while websites don’t, reports IBM

PAYMENT SYSTEMS

CheckFree lost control of its domains due to attack from Eastern Europe

LibertyReserve has partnered McAfee Secure to secure its services

V-money came back online

Ghana has launched a new mobile payment system

eBay has admitted its defeat with PayPal-only policy

Xi-Sign for secure banking is chosen by CFS

BNP Paribas clients can access NeoLink portal from their iPads now

Safe and secure mobile banking - it is possible!

HSBC will construct £300 million data centre in York

Barclays online banking goes down again

Beware!!! New XSS bugs of American Express

MasterCard launches Developer Zone website

Want to hack Oyster cards? Easily! Just read the instructions on the Internet

Main Street Softworks Inc. introduces CardShield data protection system

Barclaycard introduced new account servicing system for UK customers

ECOMMERCE-CHECKED

McAfee study: online security fears affect online shopping

Crutchfield cranks up AlertSite to monitor web and e-commerce performance

Social bookmarking links

hyperWALLET, a Canadian payment option (part 2)

ExoticFX review: a high success rate to make money online

INVESTMENT INDUSTRY

Admin of NanoMoneyCorp.com clarifies the problem with website access

Members of Goldenincome.biz Only Contribute towards Scammer’s Income

Mysurf4cash surf for nothing

Emmainvest closed

Business-is not exist

Article about XSS vulnerability resulted in NYT’s executing the code

McAfee’s products get a Citrix certification and now can protect XenApp

SSL certificates are vulnerable and can expose customers’ data

All Internet Explorer browser versions allow cookiejacking

Reject Adobe Reader for another PDF viewer if you want to evade cyber attack

No one wants to pay for news online? Paid content doomed to fail?

Paid online news at New York Times, a way to survival or to failure?

People who use plug-ins to block online ads and Flash banners ruin the Internet

Press release distribution: free and paid services

News Corp loses 4 million readers due to paid news online, but it's not bad

Nine security flaws patched in Firefox 3.0.9

See What Facebook Connect Looks Like ..

Modern applications like offline Gmail are vulnerable to SQL injections

Apple’s ignoring Mac security bug makes a hacker warn users

McAfee launches its McAfee Identity Protection for better security

D. Jackson from E-gold: “We suggest… Ponzi schemes.” Exclusive interview for ECJ

Interview with Opulentia investment program, exclusively for Ecommerce Journal

FxEconomy: "We have reached all the goals we have striven for..."

More questions answered: exclusive interview with Cliff Hopkins of PayPal

Interview With Dan Wigan, Invest-Manager

Craigslist launches a case against an attorney general

Craigslist to close "erotic services" section, still not enough for Andrew Cuomo

Want a class action suit against Apple and AT&T? Give your dropped calls data

Stolen credit data were available in blog

The US court shuts down websites for free distribution of pirated movie

Affiliate with Ecommerce Journal
© 2006 eCommerce Journal, All materials copied should be followed by a back-link to http://ecommerce-journal.com/.
Ecommerce Journal - more about virtual economy|e-commerce news | articles | forex news | trading news | stocks news
| banks | payment systems | payment processors | plastic cards | e-currency exchange | investment | cyber fraud |
gambling news | poker news | casino news | betting news | news free-lance | jobs | CV | ecommerce law aspects |
economic news | trading news | e commerce interview | merchant news | e-commerce history | business news | internet news
Any violation will be reviewed as crime and will be reported to corresponding law authorities. News sitemap