By Mark Wilson
A serious XSS vulnerability left Amazon customers in "real danger" of having their accounts compromised. The man who made the discovery is Brute Logic, the current top security researcher at XSSposed.org and "light-gray computer hacker". We spoke to him about the security issue and about the responsibilities involved in exposing vulnerabilities.
The cross-site scripting vulnerability was discovered on March 21 and was left unpatched for two days. During that time, Brute Logic says there was a real risk that people "could have their Amazon account compromised or had their computer invaded by means of a browser exploit". He says it is the responsibility of sites to fix problems when they are highlighted by the hacking community.
Brute Logic is not, like some hackers, in the habit of holding sites to ransom when a vulnerability is discovered. At the same time, he and other hackers are not out to do the cleanup work for the likes of Amazon. I asked whether he had informed Amazon of the security issue when he discovered it: "Since they do not pay for that, I just reported it to XSSposed.org and tweeted with a mention".