SK Communications Detects Computer Security Vulnerability in Its 'Talk on'
SK Communications Detects Computer Security Vulnerability in Its 'Talk on'
  • By Kim Yu-na (yuna@koreaittimes.com)
  • 승인 2014.05.19 19:56
  • 댓글 0
이 기사를 공유합니다

SEOUL, KOREA - White hacker group Lockdown has said that it found a cross-site scripting (XSS) vulnerability in the “report” function of Talk on, an in-game voice chat instant messenger, offered by SK Communications, the developer of South Korean web portal Nate.


If users click on an attacker’s report button, the attacker become able to inject malicious scripts into Web pages viewed by the users, thereby exposing the users’ computers to varied security threats, such as malware, remote controlling, videotaping through a web cam, keylogging and personal data leaks. Furthermore, if memory manipulation programs are put to use, anyone can easily take advantage of XSS vulnerabilities.

Once an attacker exploits a memory manipulation program in turning a user’s nickname into a malicious script access point, XSS occurs in the report window immediately after the user clicks on the attacker’s report button, consequently affecting computers running Windows XP (and above) and Talk on version 1.0.9.0.

SK Communications has recently won a lawsuit over a personal data leak. The court sided with SK Communications, saying that it did its best in protecting users’ personal data. That being said, Talk on, a voice chat program that has been run by SK Communications as a beta service for five years and used by tens of thousands of online gamers, turned out to be susceptible to XSS attacks.

To block off XSS, one of computer security vulnerabilities typically found in web applications, Microsoft has equipped its Internet Explorer 8.0 (and above) with the Internet Explorer XSS Filter, but the anti-XSS filter failed to work properly on Talk on. It means Talk on is highly risky security wise. Lockdown is to submit a report on Talk on and the built-in XSS filter in Internet Explorer 8.0 to Microsoft.

SK Communications has swiftly taken countermeasures against such Talk on’s vulnerability to XSS attacks. Back in 2011, Nate and Cyworld, run by SK Communications, leaked the personal data of 3.5 million users. SK Communications said that it would continue to bolster its online security tools to prevent a recurrence of such security breaches.


댓글삭제
삭제한 댓글은 다시 복구할 수 없습니다.
그래도 삭제하시겠습니까?
댓글 0
댓글쓰기
계정을 선택하시면 로그인·계정인증을 통해
댓글을 남기실 수 있습니다.

  • ABOUT
  • CONTACT US
  • SIGN UP MEMBERSHIP
  • RSS
  • 2-D 678, National Assembly-daero, 36-gil, Yeongdeungpo-gu, Seoul, Korea (Postal code: 07257)
  • URL: www.koreaittimes.com | Editorial Div: 82-2-578- 0434 / 82-10-2442-9446 | North America Dept: 070-7008-0005 | Email: info@koreaittimes.com
  • Publisher and Editor in Chief: Monica Younsoo Chung | Chief Editorial Writer: Hyoung Joong Kim | Editor: Yeon Jin Jung
  • Juvenile Protection Manager: Choul Woong Yeon
  • Masthead: Korea IT Times. Copyright(C) Korea IT Times, All rights reserved.
ND소프트