Netscape.com hit with cross-site scripting attack

Update: The popular Web portal was victimized by a cross-site scripting attack early Wednesday, but Netscape says the problem has been addressed and its users are now safe.

Update: Netscape.com was the victim of a benign attack early Wednesday morning. However, a Netscape spokesman says the site has been secured and its visitors are now safe.

According to a blog posting from F-Secure Corp., its researchers discovered at least four different code-laden posts at about 5:00 a.m. eastern time Wednesday.

The attacks appeared in the form of pop-up boxes when visitors viewed certain pages on the Netscape.com site. Screen shots on the F-Secure Web site depict pop-up messages that read, "Tom Way is the sexiest man alive," "this site [expletive]. go here instead," and "Hi to all you diggers out there ;)."

Netscape spokesman Andrew Weinstein said the issue involved a cross-site scripting vulnerability that allowed for the posting JavaScript pop-up boxes, in some cases redirecting visitors to other Web sites.

Weinstein said the vulnerability was quickly discovered and addressed Wednesday morning. He said the Netscape team is monitoring the site closely for any further issues, but it has received no reports of any of its users being compromised in any way.

Mikko Hypponen, research director with the Finnish security firm, confirmed that the attack vector was a persistent cross-site scripting vulnerability in the site's newly launched news service, which seeks to emulate community news sites like Digg.com that enable visitors to recommend news articles from around the Web.

"The new Netscape user interface allows end-users to post HTML code that will be viewable by everyone else," Hypponen said. "This allows the user to enter script code and potentially malicious content to the public pages on Netscape.com.

"Attackers (who are obviously fans of Digg) have used the XSS vulnerability to inject their own JavaScript code snippets into pages on the Web site, including the homepage," Hypponen said.

Hypponen said before the issue was corrected, anyone with even a cursory knowledge of creating cross-site scripting exploits could have easily caused harm to Netscape visitors.

"One particularly nasty scenario is when this issue is combined with a browser exploit, for example, the one exploiting the Windows Meta File vulnerability in IE," Hypponen said. "In that case, Netscape visitors with unpatched machines could have their machines hacked."

He also noted that such an exploit could also have been used for phishing attacks.

It's unclear whether Netscape was targeted because of its controversial site redesign. Last month the site migrated away from its long-time portal-like design that emulated sites like MSN.com and Yahoo.com.

While Netscape has claimed that its users have largely approved of the change, a Web petition sponsored by Netscape user Ernie Jenkins was spawned to protest the change. So far it has garnered 1,431 signatures.

"It appears that some of the language in the redirects referred to Digg.com," Weinstein said, "so it's a safe assumption that some of those who posted them were fans of Digg."

Added Hypponen, "Netscape's new 'Digg-like' interface generated lots of interest and apparently somebody tried to stretch the limits of user-controlled content."

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close