Security consultant Benjamin Mussler last week warned that the Kindle e-book library had a cross-site scripting vulnerability. It appears Amazon previously had fixed the XSS flaw but two months ago reintroduced it in a new version of the "Manage Your Kindle" Web application, according to Mussler. Mussler first reported the XSS vulnerability to Amazon last November, and it was fixed. However, Amazon's IT staff continued to use his proof of concept on internal preproduction systems for months afterward, he claimed.XSS Flaw Burns a Hole in Kindle Security
Security consultant Benjamin Mussler last week warned that the Kindle e-book library had a cross-site scripting vulnerability. It appears Amazon previously had fixed the XSS flaw but two months ago reintroduced it in a new version of the "Manage Your Kindle" Web application, according to Mussler. Mussler first reported the XSS vulnerability to Amazon last November, and it was fixed. However, Amazon's IT staff continued to use his proof of concept on internal preproduction systems for months afterward, he claimed.
0 comments:
Post a Comment