The risk of hacking is ubiquitous in the digital world. If Windows has been the operating system most susceptible to worms, viruses, Trojans and other malware, it is because this OS is the most widespread on the planet: the potential financial gain for malicious hackers is greater. It is logical, in this context, that we discover a security flaw exploited at Amazon, the leading seller of ebooks in the world!
For users, everything is very simple in the Kindle environment. When you live in a proprietary world, you just let yourself be carried along. Until the day a security hole puts user data at risk in turn. Every customer of the Kindle service has a library, managed through the Manage Your Content and Devices and Manage Your Kindle pages. According to the site B.FL7.DE, a vulnerability of particular concern has been found there.
It is an XSS flaw that allows malicious code to be injected, the code coming from the metadata of a digital book, such as the title, for instance. This type of vulnerability makes it possible to run code in the browsers of users who visit a page and, with HTML5 technology, to redirect them to a phishing site or steal cookies.
A hacker (a really nasty one …) can manage this with a simple piece of code added to the victim's library, transferring personal data. Specifically, a malicious URL is added to the metadata, and as soon as the user goes to the Amazon Kindle page to manage their files, they can be redirected to a fraudulent page. This means that counterfeit books found on the usual networks can easily carry this vulnerability and, once downloaded, run the code they contain.
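As an added illustration (not code from the original article, from Amazon or from Calibre), the following JavaScript shows the pattern described above: a library page that writes a book's title into HTML without encoding it, next to a version that encodes metadata on output and a check that flags markup in metadata at import time. All function names and the sample library are constructed for this example.

```javascript
// Constructed sample library: the second title carries markup, as a book
// with tampered metadata would. The marker script does nothing.
const SAMPLE_LIBRARY = [
  { title: "Moby-Dick", author: "Herman Melville" },
  { title: "<script>/* constructed marker */</script>", author: "Unknown" },
  { title: "Q & A: Tom's \"Guide\"", author: "A. Writer" },
];

// Vulnerable pattern: metadata is concatenated straight into HTML, so any
// markup in the title becomes part of the page the browser parses.
function renderRowUnsafe(book) {
  return "<tr><td>" + book.title + "</td><td>" + book.author + "</td></tr>";
}

// HTML-encode the characters that can change the parsing context in
// element content and in quoted attribute values.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: every metadata field is encoded at output time, so the
// title is displayed as text whatever it contains.
function renderRowSafe(book) {
  return "<tr><td>" + escapeHtml(book.title) + "</td><td>" +
    escapeHtml(book.author) + "</td></tr>";
}

// Import-time check (defence in depth, not a replacement for encoding):
// return the books whose metadata contains tag-like markup, for review.
function flagSuspiciousMetadata(library) {
  const tagLike = /<\s*\/?\s*[a-zA-Z][^>]*>/;
  return library.filter((book) =>
    Object.values(book).some((field) => tagLike.test(String(field))));
}
```

Output encoding is the actual fix; the import-time check only helps spot tampered files early and will miss payloads that do not look like tags.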
Now the problem: the flaw was unveiled in late October 2013 and, to date, Amazon has still not commented, and the flaw has been made public. The site also provides a proof of concept to demonstrate that the flaw is real.
Since November 2013, when the developer reported this flaw to Amazon in strict confidence, there has been no reaction, and, as readers accumulate, the security flaw becomes increasingly threatening. A real failure on the part of the largest digital bookseller in the world, whereas the maker of the Calibre software corrected the issue very quickly.
Amazon had initially corrected this security problem in late December 2013, but it reappeared during the current year and is now open to the public. And to pirates …