XSS on Hotmail highlights personal e-mail risk to business

A vulnerability in the Hotmail site has enabled hackers to steal an unknown number of messages from users' accounts, according to security firm Trend Micro.The attack highlight the underrated and often-ignored risk of allowing employees to check their personal e-mail accounts at work, the company says. Cross-site scripting (XSS) is a common security vulnerability in web applications that enables attackers to inject client-side script into web pages viewed by other users, but rarely found in prominent sites such as Hotmail. The vulnerability enabled hackers to display a message that looked like a Facebook notification warning the victim's account had been accessed from a new location. Embedded in the message was a script that forwarded the victim's e-mail messages to the hackers. The attack would launch if the victim was logged into Hotmail and either read or previewed the booby-trapped fake Facebook warning message. "The script triggers a request that is sent to the Hotmail server. The said request sends all of the affected user's e-mail messages to a certain e-mail address," Trend Micro said in a blog post. The attack exploits a script or a CSS filtering mechanism bug in Hotmail (CVE-2011-1252), which Microsoft has fixed in an update to Hotmail.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Related Posts Plugin for WordPress, Blogger...