PRTODAY / NewswireToday Free press release distribution service network

Written by / Agency / Source: NeonDrum Ltd

Microsoft SharePoint and LinkedIn Data at Risk from Framesniffing Attacks Finds Context IS

 

NewswireToday - /newswire/ - Reading, Berkshire, United Kingdom, 2012/03/14 - Latest Context Information Security blog provides simple fix to protect Internet and Intranet sites - Contextis.com.

   
 


 

Context Information Security has highlighted a weakness in Internet Explorer, Chrome and Safari web browsers that enables remote attackers to steal sensitive information held on private Microsoft SharePoint sites, as well as mine data from other public websites such as LinkedIn. In these Framesniffing Attacks, a hidden HTML frame is used to load a target website inside the attacker's malicious webpage to read information about the content and structure of the framed pages. The attack bypasses browser security restrictions that are meant to prevent webpages directly reading the contents of third-party sites loaded in frames.

“Using Framesniffing, it's possible for a malicious webpage to run search queries for potentially sensitive terms on a SharePoint server and determine how many results are found for each query,” said Paul Stone, senior security consultant at Context. “For example, with a given company name it is possible to establish who their customers or partners are; and once this information has been found, the attacker can go on to perform increasingly complex searches and uncover valuable commercial information.”

Context researchers tested SharePoint 2007 and 2010 and found that by default, they do not send the X-Frame-Options header that instructs web browsers to disallow framing. This leaves these applications open to both Framesniffing and Clickjacking. As a result, any website that knows the URL of the SharePoint installation can load it in a frame and carry out these attacks, even if it is only accessible on an Intranet.

Following the discovery of this vulnerability, Context contacted Microsoft and was told: "We have concluded our investigation and determined that this is by-design in current versions of SharePoint. We are working to set the X-Frame options in the next version of SharePoint."

Framesniffing can also be used to harvest confidential data from public websites, such as LinkedIn, that don’t protect against framing. An attacker using a malicious website could build a profile of visiting users by piecing together small pieces of information leaked from different websites. For example, the product IDs of previously bought items from a shopping site could be combined with a person’s user ID from a social networking site.

Context’s blog, published today at contextis.com/research/blog/framesniffing, includes a video that shows an attacker extracting sensitive information from a fictional corporate SharePoint installation. In the blog, Context also provides five simple steps to protect a website from this attack by adding the X-Frame-Options header. While Mozilla updated its Firefox web browser last year to prevent Framesniffing, the latest versions of Internet Explorer, Chrome and Safari are still vulnerable.

Fortunately, protecting a website from this attack is a simple matter of adding the X-Frame-Options header, and in its blog Context provides step-by-step instructions on how to do this. “Users of the Firefox browser are already protected against this attack,” said Stone. “We encourage other browser vendors to apply similar protection to their browsers but in the meantime, the onus is on individual websites to add framing protection via X-Frame-Options.”
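For site owners who want to confirm whether their own pages send the header, the following is an added example (not code from Context or from this release) that audits captured HTTP response headers for X-Frame-Options. The function names, status labels and sample responses are constructed for illustration.

```python
# Added example: check captured response headers for framing protection.
# DENY and SAMEORIGIN are the values accepted here; ALLOW-FROM is obsolete
# in current browsers, so this audit reports it as misconfigured.
VALID = {"DENY", "SAMEORIGIN"}

def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Parse a raw response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line: headers are over, body follows
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing_status(raw: str) -> str:
    """Return 'missing', 'misconfigured' or 'protected' for one response."""
    values = set()
    for name, value in parse_headers(raw):
        if name == "x-frame-options":  # header names are case-insensitive
            # one header may carry a comma-separated list of values
            values.update(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return "missing"
    if len(values) > 1 or not values <= VALID:
        return "misconfigured"  # conflicting or unrecognised values
    return "protected"

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no-header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "sameorigin": "HTTP/1.1 200 OK\r\nx-frame-options: SameOrigin\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                "X-Frame-Options: SAMEORIGIN\r\n\r\n",
    "typo": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n",
}

def audit(samples: dict[str, str]) -> dict[str, str]:
    """Map each sample name to its framing status."""
    return {name: framing_status(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name:12} {status}")
```

A response reported as missing or misconfigured can be loaded in a frame by any other site, which is the precondition for both Framesniffing and Clickjacking described above.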

About Context

Context Information Security (Contextis.com) is an independent security consultancy specialising in both technical security and information assurance services. Founded in 1998, the company’s client base has grown steadily based on the value of its product-agnostic, holistic approach and tailored services combined with the independence, integrity and technical skills of its consultants.

Context is ideally placed to work with clients worldwide, with offices in the UK, Australia and Germany, and its client base includes some of the most prestigious blue chip companies in the world, as well as government organisations. As the best security experts need to bring a broad portfolio of skills to the job, Context staff offer extensive business experience as well as technical expertise to deliver effective and practical solutions, advice and support. Context reports always communicate findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report.

Issued by Context Information Security

Contact:
Peter Rennison / Allie Andrews PRPR,
T: +44(0)1442 245030 - E: pr[.]prpr.co.uk.

 
 
Publisher Contact: Liz Hartney - NeonDrum.com 
+44(0)75 1051 8732 pr[.]prpr.co.uk
 