TechAmok (a ggmania.com subsite)

Security Researcher Goes Public with MSN and Amazon Flaws - [security]
04:58 PM EDT - Jul,02 2006

Frustrated with what he calls a lack of response from Microsoft and Amazon.com, a security researcher has gone public with details of flaws on the two companies' Web sites. The flaws could be used by attackers to steal "cookie" data files that would allow them to access Amazon.com and MSN accounts, or to display a fake login page that could be used in phishing attacks, according to Yash Kadakia, the independent security researcher who discovered the flaws.
Although the cross-site scripting flaws he discovered are generally considered to be low-risk problems, Kadakia's attack involves a technique called CRLF (Carriage Return Line Feed) injection, which can be used in a more serious and widespread attack, he said. Kadakia said he first notified Microsoft of the problem about a year ago. But he said he was not taken seriously until late last week, when he posted screen shots of the flaw being exploited on his Web site.

The Amazon.com flaw was discovered in December, but after some initial discussions with the Web retailer, the vulnerability remained unpatched, Kadakia said. "The conversations got dropped off somewhere," he said. A spokesman for Microsoft's public relations agency said the flaws were now being investigated. Amazon.com executives were unable to comment for this story.
