netdef (netdef) wrote,


Social networking sites have (gasp!) open XSS vulnerabilities

Researchers at a well-known anti-malware company checked out a few popular social networking sites to see how vulnerable they were. In 30 minutes they discovered more than half a dozen server-side "worm-able" Cross Site Scripting (XSS) vulnerabilities.

What can end users do?

1) Patch your operating systems! Windows users should be aware that Microsoft generally releases critical updates on the second Tuesday of each month. Setting your automatic updates to check once per week (the longest period you can select in the UI) is a great idea. I recommend selecting Wednesday early in the morning - before your work day starts. Leave your machine on Tuesday night . . .

2) Subscribe to good anti-virus protection

3) Subscribe to Malware/Spyware/Adware protection

AntiVirus products that tested well in recent reviews:
- eTrust 8.1 Corporate (Not the home or personal version.)
- Kaspersky
- NOD32
- F-Secure

Some not so good choices:
- Symantec AV (over 30% tested infection rate with current signatures)
- McAfee AV (over 33% infection rates, plus exploitable holes in their update service.)

While the two products above hold the most market share, they offer abysmal protection. They are also system resource pigs. I tell friends who ask me which engine to choose that these two products will turn a perfectly good Pentium IV machine into a PII . . .

Malware Real Time Protection - Best products in order of effectiveness
- Sunbelt Software's CounterSpy (cousin of Windows AntiSpyware Beta 1 and distant relative of Microsoft Defender Beta - but much better!)
- Spy Sweeper

Malware scanners
- Spybot Search & Destroy
- Ad-Aware Personal

Tags: safety, security, spyware, virus
