This is Scientific American 60-Second Science. I'm Christopher Intagliata. Got a minute?
Now that you've changed all your passwords because of the Heartbleed Bug (right?),
here's something else to worry about, your smartphone might be susceptible to one of the Web's most common hacks, something called a cross-site scripting attack.
Here's how it works.
Let's say you scan a 2-D bar code with your phone.
The bar code contains information, including, perhaps, a string of malicious JavaScript code.
If your bar code reader is a native iPhone or Android app, no problem.
But if it's an HTML5 app, which works across platforms, you might be in trouble.
Because HTML5 apps run on JavaScript.
And some are designed to detect JavaScript in a jumble of data, like that bar code and execute it.
Researchers found five bar code–scanner apps with that vulnerability in the Android marketplace and three in the iPhone app store.
They'll present the results at the Mobile Security Technologies workshop in San Jose in May.
HTML5 apps are forecast to dominate half the market by 2016.
And since bad code can hide in mp3s, photos, texts, even the names of wi-fi networks,
researchers say it's time for developers to wise-up to this glitch before it goes viral.
Thanks for the minute, for Scientific American 60-Second Science. I'm Christopher Intagliata.
如果对题目有疑问,欢迎来提出你的问题,热心的小伙伴会帮你解答。
精听听写练习