Slashdot Mirror


Security Company Says NASDAQ Waited Two Weeks To Fix XSS Flaw

alphadogg writes "A Swiss security company said the NASDAQ website had a serious cross-site scripting vulnerability for two weeks before being fixed on Monday, despite earlier warnings. Ilia Kolochenko, CEO of the Geneva-based penetration testing company High-Tech Bridge, said he repeatedly emailed NASDAQ and warned of the XSS flaw. 'I can basically say I have spammed them,' Kolochenko said in an interview. A NASDAQ spokesman did not have immediate comment. NASDAQ.com lets users create accounts and build a profile to monitor stocks and news."

4 of 61 comments

  1. Very difficult. by d33tah · Score: 4, Funny

    What are you laughing at, it's clearly very difficult to fix one XSS vulnerability.

  2. Penetration testing company by Anonymous Coward · Score: 0, Funny

    Butt-Head: Huh huh, you said penetration.
    Beavis: I'd love to work at that place!

  3. Re:How about the real story today? by CajunArson · Score: 1, Funny

    Just remember, NASDAQ runs on Windows on days when things go wrong (it runs Linux during the rest of the week).

    --
    AntiFA: An abbreviation for Anti First Amendment.

  4. Re:good process is not trivial by NatasRevol · Score: 4, Funny

    In reality,

    Dev gets email, updates code, posts to live website.

    He's just 3 weeks behind on email.

    --
    There are two types of people in the world: Those who crave closure