Schwab site vulnerable to hackers
Source: ZDNet - Posted by Dave Wreski   
Hacks/Cracks Charles Schwab & Co.'s Web site is vulnerable to a well-known attack that could allow a hacker to gain access to sensitive account information, the financial services company acknowledged Wednesday. Reported by San Francisco-based programmer Jeff Baker on the Bugtraq security . . . Charles Schwab & Co.'s Web site is vulnerable to a well-known attack that could allow a hacker to gain access to sensitive account information, the financial services company acknowledged Wednesday. Reported by San Francisco-based programmer Jeff Baker on the Bugtraq security mailing list on Wednesday, the vulnerability involves "cross-site scripting." The vulnerability, which uses popular Web programming languages such as JavaScript to hijack a customer's Web browser, is similar to one acknowledged by E*Trade Group Inc. (Nasdaq: EGRP) in September.

By exploiting the vulnerability, "malicious users can fool other users' Web clients...which allows them to do things such as stealing that client/server's cookies," Elias Levy, Bugtraq's moderator and the chief technology officer of SecurityFocus.com, wrote in an advisory. Calling the vulnerability a "common flaw," Levy blamed the problem in part on "the lack of good practices by programmers of Web-based applications."

Read this full article at ZDNet

Only registered users can write comments.
Please login or register.

Powered by AkoComment!