XSS Vulnerabilities at AmEx Website

Before you drop in on the American Express website to see how much damage you did to your credit line with holiday shopping, you should know it's vulnerable to an XSS (cross-site scripting) exploit. As The Register reports, this news comes after a bungled attempt to fix the problem. As El Reg puts it,
> The cross-site scripting (XSS) error that makes it trivial for attackers to steal americanexpress.com user's authentication cookies is alive and kicking. The confusion stems from a mistake made by many application developers who incorrectly assume that the root cause of a vulnerability is closed as soon as a particular exploit no longer works.
So far, only proof-of-concept exploits have been written to show how easy it would be to pilfer login credentials, but until AmEx really eradicates this problem, keep a careful eye on your website transactions. For a list of precautions you can take to stop XSS exploits, see our 2007 article.
Have you been victimized by an XSS error? Hit Comment and sound off.
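The gap The Register describes, between making one exploit stop working and closing the root cause, shown as an added example (not code from AmEx or from the original article). The page, the reported string, the variant inputs and all function names are constructed for illustration.

```javascript
// Constructed example: a page that echoes a search term back to the user.
const REPORTED_POC = '<script>alert(1)</script>'; // string from a hypothetical bug report
const PREFIX = '<p>Results for: ';
const SUFFIX = '</p>';

// Symptom fix: refuse the one pattern seen in the report, echo everything else raw.
function renderSymptomFix(query) {
  const shown = query.includes('<script') ? '' : query;
  return PREFIX + shown + SUFFIX;
}

// Root-cause fix: encode every user-controlled value for the HTML context it lands in.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderRootCauseFix(query) {
  return PREFIX + escapeHtml(query) + SUFFIX;
}

// Regression check: did any user-supplied angle bracket reach the page unencoded?
function injectsMarkup(render, query) {
  const html = render(query);
  const echoed = html.slice(PREFIX.length, html.length - SUFFIX.length);
  return /[<>]/.test(echoed);
}

// The reported string plus two constructed variants of the same flaw.
const VARIANTS = [
  REPORTED_POC,
  '<SCRIPT>alert(1)</SCRIPT>',            // same tag, different case
  '<b onmouseover="alert(1)">hover</b>',  // different tag, event-handler attribute
];
function audit(render) {
  return VARIANTS.map((q) => injectsMarkup(render, q));
}

// Defense in depth for the cookie-theft impact: HttpOnly keeps the session
// cookie out of document.cookie, so injected script cannot read it.
function sessionCookieHeader(value) {
  return `session=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

console.log('symptom fix   :', audit(renderSymptomFix));   // [ false, true, true ]
console.log('root-cause fix:', audit(renderRootCauseFix)); // [ false, false, false ]
console.log(sessionCookieHeader('constructed-value'));
```

The symptom fix passes a retest against the reported string yet still echoes the other two inputs as live markup; only the output-encoding version closes all three.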
BaggerX
December 29, 2008 at 11:52am
The article about XSS precautions basically tells us that there's nothing we can really do except try not to click on anything that will steal our cookies. No info on what would be considered suspicious though. Looks like we're pretty screwed.
TheDorkSide
December 28, 2008 at 8:04am
I love how as an AMEX cardholder I wasn't informed of this...and since I was never informed I wonder if I'll not be informed once the vulnerability has been addressed and corrected.














