Security researchers have noted a security vulnerability lurking on the online booking website for airline Qantas.
The cross-site scripting vulnerability was discovered by an anonymous user and submitted to security watchlist XSSED.com - the second time the integrity of Qantas' web properties has been called into question by the publication.
Security experts monitoring the site are as yet unsure of what data - if any at all - the script is capable of stealing from the page.
"XSS (cross-site scripting) is one of the most common tools in the hacking trade," noted Kane Lightowler, regional sales director at IT security vendor Imperva.
"XSS allows an attacker to inject malicious software into websites that are, in turn, accessed by unwary consumers who are often asked to provide credentials such as usernames, passwords or credit card information."
Lightowler noted that "nearly every major website today has been affected by XSS attacks, including Facebook and Twitter."
UPDATE - Tuesday 3pm - Qantas has responded to this story.
"Qantas takes a proactive approach to detecting and responding to these sorts of issues. We are aware of the issues identified by XSSED.com and are currently in the process of implementing changes to remedy any associated vulnerabilities."
UPDATE - Tuesday 3:20pm
Qantas has confirmed the problem has been resolved. "We have also confirmed that there was no threat to the personal information of our customers," an airline spokesman said.