Wednesday, September 17th, 2014
Kindle Security At Risk Due To XSS Flaw
[News] Benjamin Mussler warned last week that Kindle had a cross-site scripting (XSS) vulnerability, leaving users exposed to dangerous malicious threats. Users who download pirated e-books face the greatest risk: hackers can inject malicious code into a victim’s account through e-book metadata such as the title. The malicious code executes once the user opens the Kindle Library web page after having downloaded the infected e-book. The hackers can then access the user’s Amazon account cookies. Users who stick to Amazon and do not download e-books from unreliable sites should be safe.
This is not the only problem for Amazon. The Audible audiobook service contains a vulnerability that anyone can exploit to download unlimited audiobooks for free. Alan Joseph found that the website does not authenticate credit card payments before letting users buy books. Joseph’s code reportedly let Business Insider use fake credit card information to purchase Audible’s most expensive membership program, a US$229 Platinum Annual Membership that allows buyers to download 24 books.
Amazon apparently was first made aware of the exploit in March 2013 but did not take action to remediate it, which not only leaves customers exposed to threats but can also do massive brand damage.
Retrieved from: Tech News World