Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

FREE EBOOK

Check here if you're human

Sponsors

Cross-Site Scripting Criminal Hacks

0
Pin It

Secure computing requires an ongoing process, as you learn about risks and then implement processes and technology to protect yourself. Without a concerted effort to defend your data, you will almost certainly by victimized by some type of cyber-invasion.

JavaScript is everywhere, making the Internet pretty and most websites user friendly. Unfortunately, hackers have learned to manipulate this ubiquitous technology for personal gain. Java can be used to launch a cross-site scripting attack, which leverages a vulnerability often found in applications that incorporate Java. The vulnerability allows hackers to insert code into a website you frequent, which will infect your browser and then your PC.

Following links without knowing what they point to, using interacting forms on an untrustworthy site, or viewing online discussion groups or other pages where users may post text containing HTML tags can put your browser at risk.

Facebook, one of the most popular websites, is a likely place for JavaScript hacks, due to cross-site scripting vulnerabilities and the overall lack of security of Facebook users. This allows hackers to read a victim’s private Facebook messages, to access private pictures, to send messages to the victim’s contacts on his or her behalf, to add new (and potentially dangerous) Facebook applications, and to steal the victim’s contacts.

Beware of going down the rabbit hole when browsing the Internet. Once you start clicking link after link, you may find yourself on an infected site. And look out for scams such as contests that require you to paste code into Facebook, your blog, or any other site.

To protect yourself from cross-site scripting attacks, update your browser to the most recent version, with the most current security settings.

McAfee offers a free tool, SiteAdvisor, which helps detect malicious sites. In Firefox, you can install NoScript, a plug-in that lets you control when to enable JavaScript. NoScript also includes a list of good and bad sites. In Chrome, you can disable JavaScript in preferences, and in Internet Explorer, you can fiddle with the settings and adjust “Internet Zones,” but the default settings are best for most people. In Adobe Reader, JavaScript can be disabled all together, under “Edit” and then “Preferences.”

That being said, after messing with default browser or program settings, the reduced functionality may impede your ability to do anything online. The trick is to have the most updated security software and to avoid social engineering scams that ask you to click links or copy code.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

Similar Posts

  • How to prevent being tracked
    You worry about being hacked, but what about being tracked? Yes, there are hackers and then there are trackers. Internet tracking namely refers to the user’s browsing habits being followed. But there are ways to make the trackers harder to tag behind you. Duhh, a fake name. What an innovative idea! It’s amazing how many people have
  • 6 Ways to halt Online Tracking
    “On the Internet, you can be ANYBODY!” Not quite. Remaining anonymous in cyber space isn’t as easy as it used to be. Your browsing habits can be tracked, leading to your true identity. But there are things you can do to remain as anonymous as possible. Don’t feel you must use your full, real name when filling
  • 100 Million Facebook Profiles Published via P2P
    Personal information on 100 million Facebook users has been scraped from the social media site and is being shared and download as a single file via what is called a Bittorrent. BitTorrent is a peer-to-peer (P2P) file sharing protocol used for distributing large amounts of data. Facebook  takes on the issue is the data that was scraped wasn’t private at
  • How to stop Browser Tracking
    Maybe you don’t mind the ads for that bicycle rack following you around in cyberspace after you visited a site for all things bike, but browser trackers (“cookies”) also create a profile of you that gets sold to other advertisers and third parties. Are you doomed to be stalked forever by bike ads? This is caused
  • Criminal Hackers Get to Momma and DaDa Via Children
    Robert Siciliano Identity Theft Expert I’m particularly irate about this. There’s criminal hackers, then there’s complete lowlife scumbag criminal hackers that hack children. InternetNews reports hackers took over sections of the PBS.org Web site earlier this week, installing malicious JavaScript code on the site’s “Curious George” page that infects visitors with a slew of software exploits. For the uninitiated

Leave a Comment

You must be logged in to post a comment.

Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category