| Which mobile application do you use to check the scores of your favorite games? If that's ESPN's ScoreCenter for iOS, then you have a problem, and it's called a "false feeling of security".
According to Zscaler, the application is not only transmitting the accounting data in plain-text, but is also susceptible to a XSS flaw, allowing the potential injection of active content.
A logical question emerges - what would an attacker do with your ESPN member account in case its gets compromised by a malicious party that's sniffing for passwords across insecure networks, and is the scenario I'm about to discuss feasible enough for a real world fraudulent operation?
Once compromised, an ESPN account offers a potential attacker access to your birth date, as well as complete access to your groups and friends' lists, allowing the attacker to attempt launching fraudulent campaigns on your behalf, such as, disseminating links to client-side exploits and malware serving sites, campaigns directly impersonating ESPN, or "need cash now" type of scams. Read More .. |
JB via www.zdnet.com, 4 months ago