Rivalry between media websites results in Netscape being hacked via an XSS attack

Released on = July 28, 2006, 7:03 am

Press Release Author = Tamara Borg / Acunetix

Industry = Computers

Press Release Summary = Acunetix scans for Cross-Site Scripting vulnerabilities
preventing website defacement

Press Release Body = London, UK - 28 July, 2006 - Netscape.com, an online social
media website, has been hacked through a cross-site scripting (XSS) vulnerability in
their recently launched news service. It is reported that the attack was launched by
fans of Digg.com, a competing social networking website. The hackers used the XSS
vulnerability to inject their own JavaScript code into the homepage and other pages
on the site.

The hack was discovered by Finnish security vendor (F-Secure), during their research
work around cross-site scripting vulnerabilities on social networking sites. Digg
fans used cross-site scripting attacks to display JavaScript pop-up alerts with
\"comical\" messages aimed at redirecting visitors to their site. Fortunately no
malicious code was injected. Netscape released a statement yesterday afternoon
stating that the vulnerability had been patched and that visitors are once again
safe.

Acunetix Web Vulnerability Scanner automatically audits web applications and checks
whether these applications are secure from exploitable vulnerabilities to such hack
attacks as cross site scripting. Although Netscape has now fixed the flaw, an
automated check of Netscape's website (using Acunetix WVS) could have prevented this
attack and saved the company from denting its reputation and the subsequent loss of
customer trust. Furthermore, hackers could have injected code aimed at stealing
personal customer data rather than defacement. Most hackers, nowadays, attack
websites because of the payoff from stealing such sensitive data as credit cards and
social security numbers.

Acunetix provides free audit to help companies determine the security of their websites

Enterprises who would like to have their website security checked can register for a
free audit by visiting www.acunetix.com/security-audit. Participating enterprises
will receive a summary audit report showing whether their website is secure or not.
Summary reports will be delivered within five business days of submission.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically
checking for SQL injection, Cross site scripting and other vulnerabilities. It
checks password strength on authentication pages and automatically audits shopping
carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where
vulnerabilities exist.

About Acunetix

Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.

Web Site = http://http://www.acunetix.com/news/netscape.htm

Contact Details =
For more information:
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712; Fax: (+44) 0845 6126716.
URL: http://www.acunetix.com

  • Printer Friendly Format
  • Back to previous page...
  • Back to home page...
  • Submit your press releases...
  •