Facebook Trap Uses XSS Techniques

By default, this script makes a post on the victim's Facebook account.

Over the last two days, users of the social networking site have been unsettled by a widespread attack using malicious scripts. Monitoring shows that the attack spread using XSS (Cross-Site Scripting) techniques.
If the user clicks on the link provided, which generally uses a URL shortener such as bit.ly, tinyurl.com or goo.gl, the victim is taken to a previously prepared page containing the XSS exploit.
According to Alfons Tanujaya, a virus and cyber security observer at Vaksincom, the maker of the XSS is clearly an Indonesian who follows the news, especially football in Indonesia.
"By leveraging a recent issue and turning it into sophisticated social engineering, it is no surprise that many people are interested in the link that was promised and hope to see something funny from it," said Alfons in a statement on March 29, 2011.
However, Alfons said, rather than getting a funny picture, the victim instead accesses the XSS link. "By default, the script will make a post on their Facebook account," he said.
Alfons added that, judging by the XSS method used, chances are this script does not take any action to steal passwords.
"The actions taken by the perpetrator are similar to the actions of those spreading Firesheep," said Alfons. "They steal the cookies of fellow Wi-Fi users without knowing the password and use them to log into Facebook, Twitter and Yahoo Mail accounts that are not using HTTPS security," he said.
Even so, Alfons said, for security reasons, anyone who has ever clicked on this link is advised to change the password of their Facebook account.
The tool used here, the URL shortener, was actually created for a good purpose. A URL shortener can condense a long URL into a very short one. But like a two-edged sword, URL shorteners were rapidly adopted by spammers and by virus and malware makers.
"Because the original address behind a URL shortener cannot be seen at all, with one click on the link provided by the URL shortener we will be taken to the address of a site that was registered beforehand by the creator of this shortened URL," said Alfons.
If the site contains malicious code, such as the XSS now emerging on Facebook, then this script can make the victim post automatically without the account owner realizing it.
Therefore, Internet users are expected to be cautious when they receive a link from a URL shortener such as bit.ly, tinyURL.com, goo.gl and others.
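
Because a shortened link hides its destination, one way to check it before clicking is to read only the redirect headers and list every hop. The sketch below is an added example, not code from the article or from Vaksincom; the function names, the `example.test` addresses and the redirect table are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl"}  # services named in the article

def is_short_link(url):
    """True when the link's host is one of the listed shorteners."""
    return (urlsplit(url).hostname or "").lower() in SHORTENERS

def head_location(url, timeout=5):
    """One HEAD request; returns the redirect target or None.
    Only headers are read, so no page content or script is ever loaded."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=5):
    """Follow redirects hop by hop; return every URL in the chain."""
    chain = [url]
    for _ in range(max_hops + 1):
        location = fetch(chain[-1])
        if not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)

# Constructed redirect table standing in for the network (hypothetical URLs).
SAMPLE = {
    "http://bit.ly/abc123": "http://tinyurl.com/xyz",
    "http://tinyurl.com/xyz": "http://example.test/landing",
    "http://example.test/landing": "/page?id=7",
}

def demo():
    return expand("http://bit.ly/abc123", fetch=SAMPLE.get)

if __name__ == "__main__":
    print(" -> ".join(demo()))
```

Calling `expand(url)` without the `fetch` argument performs real HEAD requests; the last entry of the returned chain is the address the short link finally leads to.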
