
Fuzzing Risks for Rich HTML Applications

Thursday, 31 January 2013 19:59 Written by DFMag



A recent research project showed that it was possible to shift money from bank accounts to multiple others in other banks by simply tampering with the form scanner parameters on one account. The exploitation demonstrated the vulnerability of online banking sites when rich HTML applications are used to enhance the customer experience and insufficient care is taken to harden the site. The attack is commonly known as a cross-site scripting (XSS) attack and relies on session hijacking between the client-side technologies and the server-side services. The break is exploited in various ways to change the instructions and to circumvent a number of security features, including one-time passwords (OTP).



