MPAA/RIAA Web site security flaw ironic, but unsurprising

San Mateo, CA, (PresseBox) - Fortify Software, the application vulnerability specialist, says that the cross-site scripting (XSS) security flaw reported on the Web sites of the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) comes as no surprise.

"The fact that a cracker known as Vektor - a member of the Team Elite group of Web exploit publicists - was able to insert details of the well-known file-sharing site, The Pirate Bay, into the MPAA's recommended list of sites is ironic, given the MPAA's stance on illegal file-sharing," said Richard Kirk, Fortify's director.

"But the issue that such sites are open to XSS-driven incursions and alterations comes as no surprise, given the fact that so many sites are poorly programmed and therefore open to such attacks," he added.

According to Kirk, the list of XSS-attacked sites is now quite long and includes eBay, Intel, Eset, Kaspersky, McAfee, Symantec to mention but a few.

The sad reality of the world of poorly code audited and programmed site hosting, he says, is that this list is going to get longer.

As companies are pressured by the economic recession, IT security safeguards such as program code auditing and soak testing are either curtailed or axed from the development process. The result is that program code - like the hosting software seen on the above sites - goes live without being fully tested, he explained.

"Until such time as organisations get wise to the fact that they simply cannot afford to remove back-room security such as code auditing and soak testing from their portfolio of IT security defences, these types of attacks will continue," he said.

"The MPAA is lucky that Vektor's attack was a proof-of-concept one, and intended as something of a joke. The next time they - and other organisations whose sites are vulnerable to XSS-driven attacks, may not be so lucky," he added.

For more on Vektor's attack on the MPAA site:

For more on Fortify Software:

Press releases you might also be interested in

Weitere Informationen zum Thema "Software":

10 ERP-Trends für 2018

Die Di­gi­ta­li­sie­rung ist Front im Mit­tel­stand an­ge­kom­men. Je nach­dem, wie in­ten­siv sich die Un­ter­neh­men da­mit be­fas­sen, ste­hen im neu­en Jahr völ­lig un­ter­schied­li­che Schwer­punk­te für ERP-An­wen­der an.


Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.