wraggster
September 17th, 2014, 22:18
http://o.aolcdn.com/hss/storage/midas/e1291c61189cdc97839fac8b14e85dcf/200629354/fire-review2014-08-23-01.jpg (http://www.engadget.com/2014/09/16/kindle-security-flaw-e-books/)
Next time you come across a Kindle e-book link somewhere other than Amazon itself, you may want to make sure it's not some dubious website before you hit download or "Send to Kindle." A security researcher by the name of Benjamin Daniel Musser has discovered (http://b.fl7.de/2014/09/amazon-stored-xss-book-metadata.html) that the "Manage Your Kindle" page contains a security hole -- one that hackers can take advantage of with the help of e-books hiding malicious lines of code. Once you load the Kindle Library with a corrupted e-book (typically with a subject that includes <script src="https://www.example.org/script.js"></script>), a hacker gets access to your cookies, and, hence, your Amazon account credentials.
http://www.engadget.com/2014/09/16/kindle-security-flaw-e-books/
Next time you come across a Kindle e-book link somewhere other than Amazon itself, you may want to make sure it's not some dubious website before you hit download or "Send to Kindle." A security researcher by the name of Benjamin Daniel Musser has discovered (http://b.fl7.de/2014/09/amazon-stored-xss-book-metadata.html) that the "Manage Your Kindle" page contains a security hole -- one that hackers can take advantage of with the help of e-books hiding malicious lines of code. Once you load the Kindle Library with a corrupted e-book (typically with a subject that includes <script src="https://www.example.org/script.js"></script>), a hacker gets access to your cookies, and, hence, your Amazon account credentials.
http://www.engadget.com/2014/09/16/kindle-security-flaw-e-books/