A fairly nasty flaw – the ability to run a script in the title text of an eBook – could compromise the security of your Amazon account. The flaw, which reappeared recently after being patched in October, allows hackers to embed programs right into an eBook file that run when the book is examined via Amazon’s Kindle tools. It seems to be closed as of this writing but it can still affect apps and other websites.
The hack compromised the “Manage Your Content and Devices” and “Manage your Kindle” pages in the Kindle store.
You can read about the exploit here but, in short, it involves injecting a line like “” into a book title. When the book is examined on these pages, the script is run and the attendant cookies can be read and maliciously modified.
While most legitimate ebooks are safe, hackers could use this to target pirates…
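The title-injection issue described above comes down to book metadata being written into a page without output encoding. The following is an added example, not code from the original post or from Amazon: the function names and the sample titles are hypothetical and constructed for illustration, and it shows the unencoded rendering next to the encoded one, an ingestion-time check, and cookie attributes that keep page script from reading a session cookie.

```javascript
// Added example: rendering an untrusted eBook title on a "manage content" style page.
// All names here are hypothetical; the titles below are constructed samples.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a string for use in HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: metadata from the uploaded file is concatenated into markup.
function renderRowUnsafe(book) {
  return `<tr><td title="${book.title}">${book.title}</td><td>${book.author}</td></tr>`;
}

// Hardened pattern: every metadata field is encoded at output time.
function renderRowSafe(book) {
  const title = escapeHtml(book.title);
  return `<tr><td title="${title}">${title}</td><td>${escapeHtml(book.author)}</td></tr>`;
}

// Ingestion-time check: flag titles that carry markup so they can be reviewed.
function titleLooksLikeMarkup(title) {
  return /<\/?[a-z][^>]*>|&#?\w+;|\bon\w+\s*=/i.test(String(title));
}

// Session cookie attributes that keep page script from reading the cookie.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample metadata (not the string from the linked write-up).
const sampleBooks = [
  { title: "Moby-Dick; or, The Whale", author: "Herman Melville" },
  { title: 'Free Book <script>console.log("constructed")</script>', author: "unknown" },
];

// Summarise how each sample title behaves under both renderers.
function report(books) {
  return books.map((b) => ({
    flagged: titleLooksLikeMarkup(b.title),
    unsafeHasTag: renderRowUnsafe(b).includes("<script"),
    safeHasTag: renderRowSafe(b).includes("<script"),
  }));
}

console.log(report(sampleBooks));
```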