Contact
QR code for the current URL

Press release Box-ID: 282188

Fortify Software, Inc 2215 Bridgepointe Pkwy, Suite 400 94404 San Mateo, CA, United States http://www.fortify.com
Contact Ms Yvonne Eskenzi +49 (20) 71832-832
Company logo of Fortify Software, Inc
Fortify Software, Inc

Fortify warns on Ministry of Defence XSS site flaw

(PresseBox) ( San Mateo, CA, )
The ongoing problem of cross site scripting (XSS) flaws has hit the Ministry of Defence, Fortify Software, the application vulnerability specialist, has reported.

Richard Kirk, Fortify's European Director, says that the MoD admitted to the flaw on Tuesday, after it was alerted to the XSS problem by a journalist who had been tipped off by the hacker group, Team Elite.

"XSS vulnerabilities are often found in Web applications which allow code injection by malicious Internet users into the pages viewed by other users. Examples of these flaws include client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy," he said.

"Research by Symantec in 2007 (http://preview.tinyurl.com/3q9j7w) revealed that around 80 per cent of documented site vulnerabities were down to XSS security problems," he added.

According to Kirk, in many cases of an XSS-driven infection, the infected user is usually unaware his/her computer has been compromised, and is leaking information

This, is he explained, what makes XSS flaws so insidious, as - in common with other similar security problems - the flaw on the MoD Web site could have re-routed users to a second, infected portal.

Kirk went on to say that the XSS flaw only appears to have affected the MoD's A to Z index, but the good news is that the MoD Webmaster appears to have responded almost immediately to the Team Elite warning.

Team Elite's Maciej Bukowski posted details of the MoD site flaw late on Sunday and the MoD was alerted to the problem after Bukowski contacted the ZDnet newswire on Monday.

"Since Bukowski was responsible for revealing a similar flaw on the MI5 Web portal last month, it looks like the message has got through and the MoD reacted swiftly to the Team Elite posting, as soon as ZDNet alerted them to the problem," said Kirk.

For more on the MoD XSS security flaw:
http://preview.tinyurl.com/nu7kb2

For more on Fortify Software: http://www.fortify.com
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2022, All rights reserved

The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.