Many companies’ web servers and web-based applications
are vulnerable to cross-site scripting attacks, internet security
firm NTA Monitor has found.
Research from the company has found that cross-site scripting is
beginning to appear on social networking sites, blogs and
forums.
Roy Hills, technical director at NTA Monitor, said, “Attackers
are creating websites in which they embed malicious code to track a
visitor’s searches, usernames and passwords. The code can affect a
visitor’s PC without their knowledge and can quickly spread to
other visitors’ machines.”
Cross-site scripting can occur when information submitted by users
is not properly stripped of HTML tags, enabling an attacker to
embed malicious code on a website, Hills said. “When the website is
accessed, the code will execute code in a user’s browser.
“A user may be redirected to a fake website or have their login
or user information compromised. In the worst cases, users’
computers can be compromised.”
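
The failure Hills describes, shown as an added example that is not from NTA Monitor or the original article: a hypothetical forum comment renderer in three forms (verbatim insertion, pattern-based tag stripping, and output encoding), checked against constructed submissions. All function names and sample strings are assumptions made for illustration.

```python
import html
import re

WRAP_OPEN, WRAP_CLOSE = '<div class="comment">', "</div>"
TAG_RE = re.compile(r"<[^>]*>")  # naive filter: delete anything shaped like a complete tag

def render_vulnerable(comment: str) -> str:
    # Submission goes into the page verbatim: the flaw described above.
    return WRAP_OPEN + comment + WRAP_CLOSE

def render_stripped(comment: str) -> str:
    # Tag stripping by pattern; it misses a tag the submitter never closes.
    return WRAP_OPEN + TAG_RE.sub("", comment) + WRAP_CLOSE

def render_encoded(comment: str) -> str:
    # Output encoding: <, >, &, " and ' become entities, so the browser shows text.
    return WRAP_OPEN + html.escape(comment, quote=True) + WRAP_CLOSE

def markup_survives(page: str) -> bool:
    # True when a raw '<' from the submission reaches the page body.
    return "<" in page[len(WRAP_OPEN):-len(WRAP_CLOSE)]

# Constructed sample submissions (not taken from the article).
SAMPLES = [
    "Great post, thanks!",
    "<b>bold</b> claim",
    '<script>alert("xss-test")</script>',
    "<img src=x onerror=alert(1) ",  # unclosed: the page's own closing markup completes it
]

RENDERERS = {
    "vulnerable": render_vulnerable,
    "stripped": render_stripped,
    "encoded": render_encoded,
}

def audit() -> dict:
    # For each renderer, record per sample whether submitted markup survived.
    return {name: [markup_survives(fn(s)) for s in SAMPLES]
            for name, fn in RENDERERS.items()}

if __name__ == "__main__":
    for name, flags in audit().items():
        print(f"{name:10} {flags}")
```

Only the encoded renderer keeps every submission inert; the stripping filter lets the unclosed tag through because its pattern requires a closing `>`.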
According to NTA Monitor it can be difficult to identify the
malicious code, as browsers do not currently identify malware.
To avoid being caught out, Hills suggested that IT directors ensure
staff install, run and update anti-spyware and anti-malware
programs and undertake regular penetration testing. He also
recommended that businesses consider control of URLs through web
filtering.