The owners of the sites failed to respond to the hacker's emails

Mar 29, 2012 13:35 GMT

The white hat hacker known as Gambit identified cross-site scripting (XSS) vulnerabilities on the main site of AOL (aol.com) and on the newsroom site of Cisco Systems (newsroom.cisco.com), the world-renowned network equipment company.

The hacker provided us with the details of the security holes that could be leveraged by cybercrooks to launch phishing attacks and steal user sessions from internauts who click on their maliciously crafted links.

According to Gambit, the owners of both sites were notified of the existence of the flaws, but because neither of them responded to his inquiries, he decided to publish his findings.

“When a white-hat contacts a site, they need to respond ASAP, because this never replying and leaving the vuln there, or never replying and fixing it in secret just pisses people off,” the hacker told us.

Judging by past experiences, I have to agree with him, because, as practice has shown many times, companies and hackers can collaborate well when it comes to patching up vulnerable websites.
