Benjamin Daniel Mussler, an analyst who studies security systems, said that the tab “Manage content and device” and the service “Manage your Kindle” in Amazon's online Kindle library are vulnerable to cross-site scripting (XSS). The flaw can be exploited by placing a specially crafted trap link in an eBook's title, taking the form of “”, which is sufficient to carry out an attack on an unsuspecting person.
When the fake eBook is added to the library, the malicious code is executed automatically. The Kindle library page only has to be opened. Mussler claims that “
The good news is that users are unlikely to find an eBook with a tampered title in the official Kindle store. The only real chance of falling victim is downloading pirated books and using suspect sources. When Amazon's “Send to Kindle” is used, infected files can end up on the reader.
Benjamin Mussler believes that the flaw in Amazon's software has been known for a long time. It was first mentioned in his industry report in November 2003, along with an eBook that retrieves and sends cookies. Technicians from Amazon managed to fix this vulnerability within 4 days. The analyst was shocked that the same flaw appeared again two months ago and has still not been corrected. His messages to Amazon, however, remain unanswered. This led Mussler to go public with his results. In addition, he published sample code on his website that allows the flaw to be used in an attack.
Meanwhile, for the sake of their own safety, Kindle reader users should use only publications available on the official site.
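The class of flaw described above, as an added example that is not from the article, Mussler's report or Amazon's code: an eBook title written into a library page without output encoding, next to an encoded version and an upload-time check. All function names, the page markup and the sample titles are constructed for illustration.

```javascript
// Added illustration: names, markup and sample titles are constructed, not Amazon's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the title from the file's metadata is concatenated as-is,
// so markup inside the title becomes part of the library page.
function renderRowUnsafe(book) {
  return `<li class="book" title="${book.title}">${book.title}</li>`;
}

// Hardened pattern: the title is encoded at the point of output,
// so the browser displays it as text in both the attribute and the element body.
function renderRowSafe(book) {
  const t = escapeHtml(book.title);
  return `<li class="book" title="${t}">${t}</li>`;
}

// Upload-time check (e.g. for personally uploaded files): flag titles that
// contain something shaped like an HTML tag so they can be reviewed or rejected.
// This is defence in depth and does not replace output encoding.
function titleLooksLikeMarkup(title) {
  return /<\/?[a-zA-Z][^>]*>/.test(String(title));
}

// Constructed sample library: one ordinary title, one carrying benign markup.
const SAMPLE_LIBRARY = [
  { title: "Moby-Dick; or, The Whale" },
  { title: 'Sample Book "><em>injected markup</em>' },
];

// Summarise how each title behaves under both renderers.
function auditLibrary(books) {
  return books.map((book) => ({
    title: book.title,
    flaggedAtUpload: titleLooksLikeMarkup(book.title),
    unsafeRowHasInjectedTag: renderRowUnsafe(book).includes("<em>"),
    safeRowHasInjectedTag: renderRowSafe(book).includes("<em>"),
  }));
}

console.log(auditLibrary(SAMPLE_LIBRARY));
```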
Source: MARKEN Anti-virus systems
Kan