NormCameron
Vista Guru
Posted Yesterday 26 December 2008.
"Before you drop in on the American Express website to see how much damage you did to your credit line with holiday shopping, you should know it's vulnerable to an XSS (cross-site scripting) exploit. As The Register reports, this news comes after a bungled attempt to fix the problem. As El Reg puts it,
XSS Vulnerabilities at AmEx Website | Maximum PC
"Before you drop in on the American Express website to see how much damage you did to your credit line with holiday shopping, you should know it's vulnerable to an XSS (cross-site scripting) exploit. As The Register reports, this news comes after a bungled attempt to fix the problem. As El Reg puts it,
The cross-site scripting (XSS) error that makes it trivial for attackers to steal americanexpress.com user's authentication cookies is alive and kicking. The confusion stems from a mistake made by many application developers who incorrectly assume that the root cause of a vulnerability is closed as soon as a particular exploit no longer works.
So far, only proof-of-concept exploits have been written to show how easy it would be to pilfer login credentials, but until AmEx really eradicates this problem, keep a careful eye on your website transactions. For a list of precautions you can take to stop XSS exploits, see our 2007 article."
XSS Vulnerabilities at AmEx Website | Maximum PC
My Computer
System One
-
- Manufacturer/Model
- Scratch Built
- CPU
- Intel Quad Core 6600
- Motherboard
- Asus P5B
- Memory
- 4096 MB Xtreme-Dark 800mhz
- Graphics card(s)
- Zotac Amp Edition 8800GT - 512MB DDR3, O/C 700mhz
- Monitor(s) Displays
- Samsung 206BW
- Screen Resolution
- 1680 X 1024
- Hard Drives
- 4 X Samsung 500GB 7200rpm Serial ATA-II HDD w. 16MB Cache .
- PSU
- 550 w
- Case
- Thermaltake
- Cooling
- 3 x octua NF-S12-1200 - 120mm 1200RPM Sound Optimised Fans
- Mouse
- Targus
- Keyboard
- Microsoft
- Internet Speed
- 1500kbs
- Other Info
- Self built.