Sunday, September 21, 2014

Stealing cookies from Amazon – be careful when downloading eBooks for Kindle – Spider’s Web

Text originally appeared on Blog Forums Spider’s Web.

A bothersome bug in Amazon Kindle could expose users to risk.

Benjamin Daniel Mussler, an analyst who studies security systems, said that the “Manage content and device” tab and the “Manage your Kindle” service in the Amazon Kindle online library are vulnerable to cross-site scripting (XSS). The flaw can be exploited by placing a specially crafted trap link in an eBook's title, which is sufficient to attack an unsuspecting user.

Once the fake eBook has been added to the library, the malicious code is executed automatically as soon as the Kindle library page is opened. Mussler claims that “cookies attributed to the Amazon account can be transferred to the attacker, while notwithstanding the account of the victim”.
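The class of bug described above, where an eBook title is written into a library page without encoding, is shown here next to its fix. This is an added example, not code from Amazon or from Mussler's report; all function names and the sample library are hypothetical, and the marked-up title is a constructed, harmless marker.

```javascript
// Added illustration: names and data are hypothetical, not Amazon's code.

// Constructed sample library. The second title carries markup, as the
// metadata of a crafted eBook could; the script body is a harmless marker.
const sampleLibrary = [
  { title: "Ender's Game", author: "Orson Scott Card" },
  { title: "<script>console.log('marker')</script>", author: "unknown" },
];

// Unsafe: metadata is concatenated straight into markup, so a title that
// contains tags becomes part of the page and runs when the page opens.
function renderRowUnsafe(book) {
  return "<li>" + book.title + " (" + book.author + ")</li>";
}

// Encode every character that can change HTML context, in element
// content or inside a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Safe: the same row with each untrusted field encoded at output time.
function renderRowSafe(book) {
  return "<li>" + escapeHtml(book.title) + " (" + escapeHtml(book.author) + ")</li>";
}

function renderLibrary(books, renderRow) {
  return "<ul>" + books.map(renderRow).join("") + "</ul>";
}

// Ingestion-side signal: list titles whose metadata looks like markup so
// the upload can be logged or reviewed. Apostrophes are normal in titles,
// so only tag-like sequences are flagged. Output encoding is still the fix.
function flagSuspiciousMetadata(books) {
  return books
    .filter((b) => /<\s*[a-z\/!]/i.test(b.title + " " + b.author))
    .map((b) => b.title);
}

console.log(renderLibrary(sampleLibrary, renderRowSafe));
console.log(flagSuspiciousMetadata(sampleLibrary));
```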

The good news for users is that an eBook with a doctored title is unlikely to be found in the official Kindle store. The only real chance of falling victim is downloading pirated books and using suspect sources. When Amazon's “Send to Kindle” feature is used, the infected files can end up on the reader.

Benjamin Mussler believes that the flaw in Amazon's software has been known for a long time. He first mentioned it in his industry report in November 2003, along with an eBook that retrieves and sends the cookies. Amazon's technicians managed to fix the vulnerability within 4 days. The analyst was shocked that the same flaw reappeared two months ago and has still not been corrected. His messages to Amazon, however, remain unanswered.

This lack of response led Mussler to go public with his findings. In addition, he published on his website sample code that makes it possible to exploit the flaw and carry out an attack.

– Was Benjamin Mußler's behavior right? That is certainly open to discussion – says Marek Markowski, head of MARKEN Anti-virus Systems, a company dealing with security and data protection in computer networks. – The silence on the part of such a giant as Amazon is puzzling, as is the system's renewed vulnerability to the attacks disclosed by Mußler. After the publication of this information, Amazon will urgently have to eliminate the gap permanently, taking care of its good reputation – adds Marek Markowski.

Meanwhile, Kindle reader users should, for the sake of their own safety, use only publications available from official sites.
