Amazon is the top seller of e-books in the world. It therefore seems logical that the company's ecosystem is a likely target for hacking.
This is all the more plausible now that Daniel Mussler, an independent computer security researcher, has discovered a security flaw. It affects the Kindle web page that goes by the names “Manage your content and devices” or “Manage your Kindle”. The researcher has made a proof-of-concept e-book demonstrating the flaw available on his website.
The flaw that was uncovered allows code to be triggered in the web browser of anyone who visits a page. These are cross-site scripting (XSS) attacks, which are triggered by a malicious script.
This script may be embedded in the metadata of a digital book or document. It runs as soon as the user who has associated the book with their Kindle e-reader visits the dedicated Kindle management web page. The malicious code can take this form:
The XSS attack allows the attacker to access and transfer the cookies containing the identifiers of your Amazon account. The account is then compromised.
The flaw was also present in software for managing a Kindle library, such as Calibre, which was updated to version 1.80 to fix the problem.
More than ever, we must be vigilant about the sources our e-books come from, just as it is recommended to be about the origin of applications in the Android ecosystem.
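To make the mechanism concrete from the defender's side, here is an added example (not code from the researcher, Amazon or Calibre) showing a library page that inserts e-book metadata into HTML without encoding, next to an output-encoded version. The function names and the sample library are constructed for illustration.

```javascript
// Added example: constructed data and hypothetical function names.
// Metadata as it might be read from imported e-book files (constructed).
const library = [
  { title: "Moby Dick", author: "Herman Melville" },
  { title: "<script>/* constructed marker */</script>", author: 'A "quoted" & odd <name>' },
];

// Vulnerable pattern: metadata concatenated straight into markup,
// so any tags in the title become part of the page.
function renderRowUnsafe(book) {
  return `<tr><td title="${book.title}">${book.title}</td><td>${book.author}</td></tr>`;
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every metadata field is encoded at the point of output.
function renderRowSafe(book) {
  const t = escapeHtml(book.title);
  return `<tr><td title="${t}">${t}</td><td>${escapeHtml(book.author)}</td></tr>`;
}

// Triage helper: report fields containing markup characters so imports can be
// reviewed. This complements output encoding; it does not replace it.
function flagMarkupInMetadata(books) {
  const hits = [];
  books.forEach((book, index) => {
    for (const [field, value] of Object.entries(book)) {
      if (/[<>]/.test(String(value))) hits.push({ index, field });
    }
  });
  return hits;
}
```

The encoded row displays the title exactly as stored, tags included, as inert text.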
This is embarrassing for Amazon, especially since the flaw was first discovered by the German researcher in October 2013; the e-commerce giant fixed it in November 2013 after being warned.
But it quietly reappeared this summer following an update to Amazon's Kindle management web pages. The researcher then informed Amazon, which had not responded two months later, despite this warning shot.
The outcry over this discovery seems to have finally paid off, since the flaw was fixed by Amazon yesterday.

