Article

Netscape.com hit with cross-site scripting attack

Eric B. Parizo, Executive Editor
Update: Netscape.com was the victim of a benign attack early Wednesday morning. However, a Netscape spokesman says the site has been secured and its visitors are now safe.

According to a blog posting from F-Secure Corp.,

    Requires Free Membership to View

its researchers discovered at least four different code-laden posts at about 5:00 a.m. eastern time Wednesday.

The attacks appeared in the form of pop-up boxes when visitors viewed certain pages on the Netscape.com site. Screen shots on the F-Secure Web site depict pop-up messages that read, "Tom Way is the sexiest man alive," "this site [expletive]. go here instead," and "Hi to all you diggers out there ;)."

Netscape spokesman Andrew Weinstein said the issue involved a cross-site scripting vulnerability that allowed for the posting JavaScript pop-up boxes, in some cases redirecting visitors to other Web sites.

Weinstein said the vulnerability was quickly discovered and addressed Wednesday morning. He said the Netscape team is monitoring the site closely for any further issues, but it has received no reports of any of its users being compromised in any way.

Mikko Hypponen, research director with the Finnish security firm, confirmed that the attack vector was a persistent cross-site scripting vulnerability in the site's newly launched news service, which seeks to emulate community news sites like Digg.com that enable visitors to recommend news articles from around the Web.

"The new Netscape user interface allows end-users to post HTML code that will be viewable by everyone else," Hypponen said. "This allows the user to enter script code and potentially malicious content to the public pages on Netscape.com.

"Attackers (who are obviously fans of Digg) have used the XSS vulnerability to inject their own JavaScript code snippets into pages on the Web site, including the homepage," Hypponen said.

Hypponen said before the issue was corrected, anyone with even a cursory knowledge of creating cross-site scripting exploits could have easily caused harm to Netscape visitors.

"One particularly nasty scenario is when this issue is combined with a browser exploit, for example, the one exploiting the Windows Meta File vulnerability in IE," Hypponen said. "In that case, Netscape visitors with unpatched machines could have their machines hacked."

He also noted that such an exploit could also have been used for phishing attacks.

It's unclear whether Netscape was targeted because of its controversial site redesign. Last month the site migrated away from its long-time portal-like design that emulated sites like MSN.com and Yahoo.com.

While Netscape has claimed that its users have largely approved of the change, a Web petition sponsored by Netscape user Ernie Jenkins was spawned to protest the change. So far it has garnered 1,431 signatures.

"It appears that some of the language in the redirects referred to Digg.com," Weinstein said, "so it's a safe assumption that some of those who posted them were fans of Digg."

Added Hypponen, "Netscape's new 'Digg-like' interface generated lots of interest and apparently somebody tried to stretch the limits of user-controlled content."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: