Security risk spotted on Qantas site

By

Mysterious XSS vulnerability could be bad news.

Security researchers have noted a security vulnerability lurking on the online booking website for airline Qantas.

Security risk spotted on Qantas site

The cross-site scripting vulnerability was discovered by an anonymous user and submitted to security watchlist XSSED.com - the second time the integrity of Qantas' web properties has been called into question by the publication.

 

Security experts monitoring the site are as yet unsure of what data - if any at all - the script is capable of stealing from the page.

"XSS (cross-site scripting) is one of the most common tools in the hacking trade," noted Kane Lightowler, regional sales director at IT security vendor Imperva.

"XSS allows an attacker to inject malicious software into websites that are, in turn, accessed by unwary consumers who are often asked to provide credentials such as usernames, passwords or credit card information."

Lightowler noted that "nearly every major website today has been affected by XSS attacks, including Facebook and Twitter."

UPDATE - Tuesday 3pm - Qantas has responded to this story.

"Qantas takes a proactive approach to detecting and responding to these sorts of issues. We are aware of the issues identified by XSSED.com and are currently in the process of implementing changes to remedy any associated vulnerabilities."

UPDATE - Tuesday 3:20pm

Qantas has confirmed the problem has been resolved. "We have also confirmed that there was no threat to the personal information of our customers," an airline spokesman said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

Log In

  |  Forgot your password?