http://www.theregister.co.uk/2009/08/27/nhs_spoof_email_xss_flaw/

By John Leyden
The Register
27th August 2009

Updated - Cross-site scripting (XSS) vulnerabilities on the National Health Service's website created a means to send spoofed emails with dodgy medical advice. The vulnerabilities, now fixed, also created a potential means to run information-harvesting attacks.

Various security shortcomings on the main nhs.uk website established a means for dodgy sorts to present content of their choosing in the context of the NHS site.

The flaws were discovered by Phillip Clarke, a director at a small UK-based software development firm, who began looking into the issue after reading about recent cross-site scripting flaws on the websites of MI5 and the MoD.

Clarke also found similar XSS flaws on the website of the National Institute for Health and Clinical Excellence in the UK (NICE), the organisation that publishes clinical appraisals of medical treatments.

[...]

________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org

Received on Fri Aug 28 2009 - 02:02:02 PDT