Review of Tempo by BlueMaestro

More

Leo’s Fortune Review

More

Get better control of your kids tablet with Screen Time

More

Review of the Blackwell series from WadjetEye Games

More

Android Cowboy

  • Apps
  • Devices
  • Kindle
    • Kindle Devices
    • Kindle Apps
    • Kindle Rooting
  • Guides
  • News
  • Indie Corner
  • Home
  • Get in touch with us
    • Advertise with us or have your app reviewed
    • Write for us
    • General Contacts
  • Android APK Downloads
  • OliverMarshall.net

Kindle ebook could have hacked your Amazon account

Researchers have successfully managed to get Amazon to fix a security flaw in their Kindle Library service (also known as “Manage Your Content and Devices” and “Manage your Kindle”). The security flaw allowed javascripts to be actioned when a book was viewed in the web interface.

If a SCRIPT tag was included in the books title then, when the book was viewed in the online Kindle Library service, that script was executed. Those scripts could easily allow a hacker to access your Amazon cookies which in turn would allow them access to your Amazon account. Pretty nasty stuff.

Amazon fixed this issue yesterday (16th September 2014) after it was re-discovered by the researchers. That’s right, re-discovered. The issue had previously been fixed by Amazon and had somehow been re-included in recent updates to the service.

This kind of thing is really worrying. 10 years ago the web was plagued by SQL injection attacks where poorly written forms on websites would allow users to include database commands. These were then actioned when the form data was saved to the database powering the site, giving hackers complete control of the site and it’s data. Now, poorly validated code was twice released by one of the largest content providers on the planet, and that code could have given any ebook creator great power over your Amazon account. I bet you save your credit cards in your Amazon account, so imagine what a hacker could order.

Different methods of attack, but they both come down to the same issue. Developers dealing with our data, who we depend on and trust, really need to be paying more attention to how people might be looking to take advantage of their code.

You can read the full security article here.

Sep 17, 2014Oliver Marshall
Android apps coming to ChromeOSSecure p2p messaging comes one step closer
You Might Also Like
 
Top 10 Free Kindle Fire HD Games
 
MoDaCo Gr5 (6.2.2): Kindle Fire Custom Rom Review (Update: 6/14 – Gr9)

Leave a Reply Cancel reply

Oliver Marshall
Oliver Marshall

Oliver lives in the south of England and has a strange obsession with everything Google. He also runs Marshall Games and you can also see him posting over at OliverMarshall.net

9 years ago News, NewsKindle Devices
0
GooglePlus
0
Facebook
0
Twitter
0
Stumbleupon
0
Pinterest
Recent Articles
Lumberyard is safe to use in the event of a zombie outbreak
7 years ago
Amazon introduces Lumberyard, a free cloud aware game engine.
7 years ago
5 of the best new features in Android 5 Lollipop
8 years ago
Search
About

Android Cowboy

Serving up the daily Android and Kindle news, reviews and guides
Search
Recent Posts
Lumberyard is safe to use in the event of a zombie outbreak
7 years ago
Amazon introduces Lumberyard, a free cloud aware game engine.
7 years ago
Subscribe

Sign up for our newsletter to receive the latest news and event postings.

2014 © Android Cowboy
Go to mobile version