Where’s Your Information Coming From? What a Cross-Site Scripting Vulnerability Actually Means…
Lots of different types of attacks and vulnerabilities exist when you are talking about the Internet. It isn’t simply that the extent of them is overwhelming; it’s also the variety and distinct behaviour of each type that makes them so hard to defend against.
I’ve talked about a bunch of different types of attacks over these newsletters, but this time I figured I would talk about a type of cyber violation that occurs over and over and over. It happens because it’s not an easy strike to pull off, as it requires a fair bit of technical knowledge, and because it’s not well understood. It’s called a “Cross-Site Scripting” Attack.
Before I explain how it works, I’ll describe a bit about how the Internet operates (some of the parts you don’t see): HTML is, basically, the language of websites. One of the things HTML allows is for different parts of a website to be downloaded from different locations. For a small website that doesn’t see a lot of traffic, this isn’t a big deal. For a large website like YouTube or Google, it’s completely necessary and heavily relied on.
To give you a real-world example, think about going to Google. Nothing special about it; you’re just going to “google.ca” to do a search. Ask yourself the following question: How many different websites do you pass through and load before the page shows up and you can do a search? It varies slightly, depending on a lot of different things, but it’s probably around ten different websites and URLs that your traffic goes through and loads from, simply to land you on that Google Search Engine page.
Thus, given that websites are designed to be able to load bits and pieces from all over the place, let’s get down to Cross-Site Scripting (XSS) Attacks. Let’s say your website loads a picture from some other server, in order to reduce the load. HTML is very flexible; just because it’s supposed to load a picture doesn’t mean that what gets loaded has to be one. If you don’t take special care with the code, that image could be replaced with a bit of JavaScript that reprograms your entire website, all without ever compromising or even touching your actual website; directly, that is.
This works because it’s exactly how HTML should function. Your browser will load up all those different pieces and build the website. As long as everything is properly formatted, it’s not overly important where they’re located on the website. This is the essence of a Cross-Site Scripting Attack: an attacker compromises a portion of your website and uses it to basically reprogram whatever they want.
Now, to some people this may not seem like a big deal, as a picture can be replaced with something else. Well, it means that by supplanting an image with a bit of code, I can have this code also load the correct picture, hiding its presence. I can then have such code do whatever I want. It could be something simple, like loading ads in the background to increase my revenue from some service, or perhaps even installing a Keylogger… there are a lot of different possibilities.
What makes this sort of attack so dangerous is its versatility. Obviously, some websites make better targets than others, for many reasons (login details for a financial institution and credit card information make juicy targets). It’s important to understand the potential scope of this sort of attack and to be aware that any of the tools you use that have web-based interfaces (like any firewall or switch in your network) could be hiding something like this. Hence, remain vigilant, and make sure your standard routine has some type of update scheduling built into it.
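One way to see how many outside locations a page of your own depends on is to inventory what its HTML loads. The Python below is an added example, not code from the original newsletter: it lists each host a page pulls resources from and flags third-party scripts and stylesheets that lack a Subresource Integrity `integrity` attribute, which is what lets the browser refuse a file that has been swapped. The sample page, its host names and the integrity value are constructed placeholders, and "third party" here simply means a different host name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull in an external resource, and the attribute naming its URL.
LOADERS = {"script": "src", "link": "href", "img": "src"}
# Tags on which browsers honour the Subresource Integrity `integrity` attribute.
PINNABLE = {"script", "link"}

class ResourceAudit(HTMLParser):
    """Record every resource a page loads and which host serves it."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(LOADERS.get(tag))
        if not url:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are audited here
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host is None:  # inline data: URL, nothing fetched from a server
            return
        self.findings.append({"tag": tag, "host": host,
                              "third_party": host != self.page_host,
                              "pinned": tag in PINNABLE and bool(attrs.get("integrity"))})

def audit(html, page_url):
    """Parse the page and return one finding per loaded resource."""
    parser = ResourceAudit(page_url)
    parser.feed(html)
    return parser.findings

def third_party_hosts(findings):
    return sorted({f["host"] for f in findings if f["third_party"]})

def unpinned_code_hosts(findings):
    """Third-party hosts whose script or stylesheet is accepted unverified."""
    return sorted({f["host"] for f in findings
                   if f["third_party"] and f["tag"] in PINNABLE and not f["pinned"]})

# Constructed sample page; hosts and the integrity value are placeholders.
SAMPLE = """<link rel="stylesheet" href="/site.css">
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="//widgets.example/chat.js"></script>
<img src="https://img.example/banner.png"><img src="logo.png">"""
```

Call `audit(SAMPLE, "https://shop.example/index.html")` and pass the result to `unpinned_code_hosts` to get the hosts that deserve a closer look.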
If you have any questions about Website Attacks, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.