Macedonia 99 percent vulnerable to XSS internet attacks

МакедонскиEnglishShqip

Home

News

Macedonia

Macedonia 99 percent vulnerable to XSS internet attacks

News - Macedonia

Thursday, 03 February 2011 10:43

Security experts say people should exercise caution when opening emails, and when clicking on links sent by unknown as well as familiar people.

A few days ago, computer giant Microsoft issued a warning on its official blog to 900 million Internet Explorer users, because an error was found in the Windows operating systems which could potentially be used by hackers to gain access to personal data.

This error does not affect web browsers Firefox, Chrome and Safari, because unlike the Internet Explorer web browser, they do not support MHTML files, where the actual problem is.

Microsoft has not specified exactly what the problem is, only that the so-called error in the Windows systems affects all Windows versions supporting this web browser - Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).

- We still don’t know if this error has been exploited against someone – Microsoft’s spokeswoman Angela Gunn said, but she also added that it is possible for a hacker to develop a script that would use this error to gather your personal data, e-mails etc. while you’re online.

Given that the error is actually a part of the Windows systems, its removal is not as simple, and the software giant released an update (patch) as a temporary solution to prevent the script in case someone tries to infiltrate your computer.

Representatives of Microsoft Macedonia say that despite this vulnerability, the company teams responsible for this issue are dealing with the problems immediately.

- Although these are serious problems, Microsoft is releasing security updates every Tuesday and quickly patching the holes in the Windows system - says Ilijancho Gagovski, director of Microsoft Macedonia.

Security experts say users should exercise caution when opening emails and when clicking on links sent by unknown as well as familiar people.

- This vulnerability is similar to cross-site scripting (XSS), by using the MHTML protocol through which attackers could infiltrate the system via a web browser, for instance, by sending an e-mail, or even an ordinary link - says Gjoko Krstic, an information security engineer at the ‘Zero science’ lab.

They are advised to avoid using Internet Explorer, due to statistics data indicating that the level of IE’s vulnerability to daily threats is as high as 85 percent, Apple’s Safari and Mozilla Firefox with 25 percent, Google’s Chrome 14 percent and Opera with only 1 percent. Chrome uses sandbox technology and it is the most protected web browser to date. Zero Science recommends the use of Mozilla because of the stability, speed and security it offers.

Cross-site scripting vulnerability

Some people do not take the XSS vulnerability as a serious threat. XSS can be used to carry out many attacks and techniques and everything depends on the creativity of the attacker, ranging from stealing sessions, confidential information and the like, to a complete control and contamination of the victim’s system. The XSS vulnerability is widespread in Macedonia with 99 percent, i.e. every second website has it.

General vulnerability of web browsers

Internet Explorer 85%
Safari 25%
Mozilla 25%
Chrome 14%
Opera 1%

Author: Zharko Karanfilov

Source: Nova Makedonija „Македонија 99 отсто ранлива на XSS интернет-напади“ Number 22196, February 2, 2011.

Tags: Microsoft , MHTML