Posts Tagged With ‘cross-site scripting’


Google Earth, other mobile apps leave door open for scripting attacks

In the rush to create mobile apps that work across the leading smartphones and tablets, many developers have leaned heavily on web development tools and use embedded browsers as part of their packaged applications. But security researchers have shown that relying on browser technology in mobile apps—and even some desktop apps—can result in hidden vulnerabilities in those applications that can give an attacker access to local data and device features through cross-site scripting.

At today’s TakeDownCon security conference in Las Vegas, researcher Kyle Osborn will present some examples of cross-site scripting attacks that he and colleagues have discovered on mobile devices. “XSS is generally considered to be a browser attack,” Osborn said in an interview with Ars Technica. But many applications, he said, such as those built with cross-platform mobile-development tools like PhoneGap, use HTML rendering to handle display of data. If applications aren’t properly coded, it’s possible for JavaScript or other web-based attacks to be injected into them through externally-provided data. “Often, there are times when you can just make a JavaScript request and pull files from the local filesystem,” he said.


TakeDownCon Las Vegas Hosts Leading Industry Experts on Mobile Threats

As mobile and wireless devices and technology slowly become ubiquitous in our daily lives, their security is an area we cannot afford to ignore. TakeDownCon Las Vegas will be the platform where critical issues surrounding mobile and wireless security are discussed and debated.

December 1, 2011 – Top ethical hackers from across the US will unveil the latest threats to mobile devices at next week’s TakeDownCon security conference in Las Vegas. TakeDownCon is the highly technical IT Security conference series designed by EC-Council that first launched this May in Dallas.

“The focus of TakeDownCon Las Vegas is on mobile and wireless security and we have assembled an all-star cast of leading cybersecurity minds who will be presenting cutting-edge vulnerabilities from mobile cross-site scripting to smartphone botnets, mobile application exploits and Android viruses,” said Leonard Chin, Conference Director for TakeDownCon. “Mobile devices pose one of the most significant and growing threats to corporate IT security and our speakers will be addressing a number of critical security management issues that are highly relevant for today’s businesses.”