eBay XSS password-stealing security hole “existed for months”

The BBC reports that users have been hit by a cross-site scripting flaw on eBay since at least February, putting passwords at risk from phishers.


Download this Kindle eBook, and have your Amazon account cookies stolen

A security researcher has reported what appears to be an embarrassing Amazon flaw that could put Kindle users at risk.

Read more in my article on the Hot for Security blog.

Tweetdeck has an XSS flaw. Here’s what you should do right now

A potentially serious security flaw has been found in Tweetdeck, the popular Twitter client.

Here’s what you need to know.

Serious security hole found in SEO plugin used by millions of WordPress users. Update now

Do you use the popular All in One SEO Pack plugin on your WordPress website?

If so, you need to update the plugin as soon as possible to the latest version.

NHS websites awash with security vulnerabilities. Ensure your WordPress site is running up-to-date software

Websites run by Britain’s National Health Service (NHS) are riddled with security vulnerabilities and could easily be exploited by online criminals, claims a newly-published investigation.

Are you doing everything you should to ensure that your website is up-to-date and not infecting its visitors?

Serious Yahoo bug discovered. Researchers rewarded with $12.50 voucher to buy corporate T-shirt

Such a risible bug bounty is unlikely to win Yahoo any friends and could – if anything – make it less likely that the site will gain the assistance of white-hats in future.

Security holes found on the NASDAQ website

NASDAQ website found vulnerable to cross-site scripting attacks, and accused of a tardy response.

Weibo, China’s Twitter-like service, hit by worm

A worm that broke out on Weibo exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.

The names and faces behind the ‘onMouseOver’ Twitter worm attack

Read more in my article at Naked Security.

Twitter ‘onMouseOver’ security flaw widely exploited

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link. In a worrying development, messages are also spreading virally, exploiting the cross-site scripting (XSS) vulnerability without the consent of users.