Reuters Amazon’s Jeff Bezos
A security researcher has uncovered a flaw in Amazon’s website That could enable hackers to gain access to Amazon accounts.
The flaw was identified by Benjamin Daniel Mussler in a post on the blog B.FL7.DE.
Mussler Says That Amazon’s Kindle Library is vulnerable to malicious computer script hidden in Kindle books.
By inserting JavaScript code into the metadata of an eBook, hackers are bootable to create pop-up windows on Amazon’s site and access the files stored locally on your computer.
Malicious script sneaked into eBooks can change the way the Kindle library page displays, like so:
B.FL7.DE Malicious script sneaked into eBooks can change the way the Kindle library page displays.
“From the supplier’s point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts,” writes Mussler.
According to Mussler, Amazon was informed of the security flaw in November 2013, but the loophole has yet to be fixed. When the security researcher informed the open source program Calibre eBook about the same problem, it was fixed Within hours.
The good news is That Purchased Kindle books through the Amazon store are Unlikely to contain the hack , accor ding to Mussler. Instead it’s more likely to spread using pirated eBooks That Are sent to a user’s Kindle library – so there’s another reason not to download ebooks from dodgy websites.
The news comes a day after Business Insider pointed out a loophole in the site’s audiobook retailer Audible , that allowed anyone to download an unlimited amount of audio books for free.
Update : As of Tuesday at 2 pm ET, the vulnerability Appears to be fixed
Disclosure:. Jeff Bezos is an investor in Business Insider through his personal investment company, Bezos Expeditions
.
SEE ALSO : A Loophole In Audible Allows Anyone To Download Unlimited Audio Books For Free
<- / See Also Text Links ->
No comments:
Post a Comment