Thursday, October 18, 2007

Web 2.Woe: Simple Security Flaws Going Unfixed

Liam Tung writes on ZDNet Australia:

Web application vulnerabilities are simple to fix but they're here to stay and will likely get worse, say security analysts.

Last week, minor flaws in the Web sites of the Liberal and Labor parties, which allowed the public to create "spoof" pages of the sites, led to fears that the Web sites had been hacked.

Andrew Walls, research director of Gartner's security and privacy group, told ZDNet Australia it did not constitute a genuine hack. "The 'spoof' or prank is actually outside the control of the Web master or developer that is responsible for the Web site," he said.

Security experts refer to the vulnerabilities as cross-site scripting or XSS flaws. While they are fairly simple to fix, Walls said the examples highlight why they should be fixed. Despite the flaws not amounting to any serious threat to security -- no money was lost, no personal details were exposed -- Walls said it had a significant impact, particularly on the Liberal Party's image.

More here.

0 Comments:

Post a Comment

<< Home