List: isn
Subject: [ISN] NHS heals serious spoof email flaw
From: InfoSec News <alerts () infosecnews ! org>
Date: 2009-08-28 9:02:02
Message-ID: Pine.LNX.4.61.0908280401550.23020 () conundrum ! infosecnews ! org
http://www.theregister.co.uk/2009/08/27/nhs_spoof_email_xss_flaw/

By John Leyden
The Register
27th August 2009

Updated - Cross-site scripting (XSS) vulnerabilities on the National
Health Service's website created a means to send spoofed emails with
dodgy medical advice. The vulnerabilities, now fixed, also created a
potential means to run information-harvesting attacks.

Various security shortcomings on the main nhs.uk website established a
means for dodgy sorts to present content of their choosing in the
context of the NHS site. The flaws were discovered by Phillip Clarke, a
director at a small UK-based software development firm, who began
looking into the issue after reading about recent cross-site scripting
flaws on the websites of MI5 and the MoD.

Clarke also found similar XSS flaws on the website of the National
Institute for Health and Clinical Excellence in the UK (NICE), the
organisation that publishes clinical appraisals of medical treatments.

[...]
________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org