Security risk spotted on Qantas site

By on
Security risk spotted on Qantas site

Mysterious XSS vulnerability could be bad news.

Security researchers have noted a security vulnerability lurking on the online booking website for airline Qantas.

The cross-site scripting vulnerability was discovered by an anonymous user and submitted to security watchlist XSSED.com - the second time the integrity of Qantas' web properties has been called into question by the publication.

 

Security experts monitoring the site are as yet unsure of what data - if any at all - the script is capable of stealing from the page.

"XSS (cross-site scripting) is one of the most common tools in the hacking trade," noted Kane Lightowler, regional sales director at IT security vendor Imperva.

"XSS allows an attacker to inject malicious software into websites that are, in turn, accessed by unwary consumers who are often asked to provide credentials such as usernames, passwords or credit card information."

Lightowler noted that "nearly every major website today has been affected by XSS attacks, including Facebook and Twitter."

UPDATE - Tuesday 3pm - Qantas has responded to this story.

"Qantas takes a proactive approach to detecting and responding to these sorts of issues. We are aware of the issues identified by XSSED.com and are currently in the process of implementing changes to remedy any associated vulnerabilities."

UPDATE - Tuesday 3:20pm

Qantas has confirmed the problem has been resolved. "We have also confirmed that there was no threat to the personal information of our customers," an airline spokesman said.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?