Security Corner

Jan 19 2010   2:18AM GMT

Web 2.0 Security: XSS, CSRF Attacks

Ken Harthun

Cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities have been with us for some time. Many social networks have tightened their defenses against XSS attacks, as have many other conventional websites, yet some social networking worms have used XSS flaws to spread. Some security experts say that CSRF attacks are not common on the social networks, but it is best to be on the lookout for them unless the site admins are proactive.

The openness of Web 2.0 sites in general makes these complicated attacks virtually unnecessary, but it is possible to use CSRF to jump from a hacked MySpace account across to Facebook and wreak havoc. One security specialist noted that as long as users are allowed to use code in one form or another in profiles and comments, especially with links to external content, there are going to be security problems.

That seems to be the real issue here. XSS and CSRF, while possible, probably aren’t even necessary for hackers to compromise accounts; they’re already open enough to be vulnerable.
