Sometimes I just want to give up. I really hate XSS because it is really a tricky issue to explain to people that don’t understand. It basically boils down to bad people using my website to compromise clients. What they do with those compromised clients can range from fairly benign replicating worms, phishing scams, [...]
Entries from January 2008
ScanAlert - XSS is Cool with Us
January 21st, 2008 ·
Tags: Security Industry
Open up that Wireless Network!
January 9th, 2008 ·
I love when Bruce and I agree, it makes me feel smarter than I am. I have had a wireless network in my house for about 5 years. Never once has it had any kind of encryption or security. When I set up my neighbors’ wireless I leave it wide open as well. The crazy foil [...]
Tags: Security
5 Security Predictions for 2008
January 8th, 2008 ·
1. We will see the first multi-website XSS worm.
I think we will finally get a true cross-site XSS worm in 2008, one combining XSRF and XSS to propagate across multiple sites and multiple domains. The first one will be benign but the others will be much more malicious in nature. Leading victim candidate [...]
Tags: Security Industry · web site security
Mastercard.com NOT PCI Compliant
January 5th, 2008 ·
Someone has found an XSS vulnerability on mastercard.com. The place it was found, the search function, is a notorious location for XSS vulnerabilities, because the search term is reflected straight back into the results page. The XSS payload that triggers the vulnerability leads me to believe that there was a fair amount of filtering going on, but I guess not enough.
Who does Mastercard pay PCI penalties to?
If [...]
Tags: web site security
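The reflected search-box pattern described in the entry above, as an added example that is not code from the original post or from mastercard.com: a hypothetical search results renderer that relies on a tag-name blacklist (the kind of "filtering going on but not enough" the post suspects) next to one that HTML-encodes the query at the point of output. A small tag scanner shows which constructed payloads still produce active markup in each version. The blacklist regex, the payloads, and all function names are assumptions made for illustration; the encoder shown covers the HTML text and quoted-attribute contexts only, and a query reflected into a script block or a URL would need a different encoder.

```javascript
// Added example, not from the original post. Demonstrates why a blacklist
// filter on a reflected search term is not enough, versus contextual encoding.

// Hypothetical blacklist: strips <script> tags and "javascript:" URLs only.
function blacklistFilter(q) {
  return q.replace(/<\s*\/?\s*script[^>]*>/gi, "").replace(/javascript:/gi, "");
}

// Encodes the characters that change meaning in HTML text or a quoted attribute.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: filters the query, then reflects it into two HTML contexts.
function renderSearchVulnerable(q) {
  const safe = blacklistFilter(q);
  return `<h1>Results for: ${safe}</h1><input name="q" value="${safe}">`;
}

// Hardened: encodes for the HTML context at the point of output.
function renderSearchHardened(q) {
  const enc = htmlEncode(q);
  return `<h1>Results for: ${enc}</h1><input name="q" value="${enc}">`;
}

// Returns every tag in the markup with its attribute names, honouring quoted
// attribute values so text inside a value is never mistaken for an attribute.
// Constructed for this example; not a full HTML5 tokenizer.
function scanTags(html) {
  const tags = [];
  let i = 0;
  while ((i = html.indexOf("<", i)) !== -1) {
    i++;
    if (html[i] === "/") i++; // closing tag
    let name = "";
    while (i < html.length && /[A-Za-z0-9-]/.test(html[i])) name += html[i++];
    if (!name) continue; // a bare "<" in text, not a tag
    const attrs = [];
    while (i < html.length && html[i] !== ">") {
      if (/\s|\//.test(html[i])) { i++; continue; }
      let attr = "";
      while (i < html.length && !/[\s=>\/]/.test(html[i])) attr += html[i++];
      attrs.push(attr.toLowerCase());
      while (i < html.length && /\s/.test(html[i])) i++;
      if (html[i] === "=") {
        i++;
        while (i < html.length && /\s/.test(html[i])) i++;
        const quote = html[i];
        if (quote === '"' || quote === "'") {
          const end = html.indexOf(quote, i + 1);
          i = end === -1 ? html.length : end + 1;
        } else {
          while (i < html.length && !/[\s>]/.test(html[i])) i++;
        }
      }
    }
    tags.push({ name: name.toLowerCase(), attrs });
    i++;
  }
  return tags;
}

// True if any tag could run attacker script: a script-bearing element or an
// event-handler attribute. The templates above contain neither, so any hit
// comes from the reflected query.
function hasActiveMarkup(html) {
  const dangerous = new Set(["script", "img", "svg", "iframe", "object", "embed"]);
  return scanTags(html).some(
    (t) => dangerous.has(t.name) || t.attrs.some((a) => a.startsWith("on"))
  );
}

// Constructed payloads: one the blacklist catches, one that slips past the
// tag-name check, and one that never needs a tag because it breaks out of the
// value="" attribute.
const PAYLOADS = [
  "<script>alert(1)</script>",
  "<img src=x onerror=alert(1)>",
  '" autofocus onfocus=alert(1) x="',
];

function evaluate() {
  return PAYLOADS.map((p) => ({
    payload: p,
    vulnerable: hasActiveMarkup(renderSearchVulnerable(p)),
    hardened: hasActiveMarkup(renderSearchHardened(p)),
  }));
}

console.log(JSON.stringify(evaluate(), null, 2));
```

The blacklist stops the textbook `<script>` payload and nothing else: an `img` with an event handler, or a quote that closes the `value` attribute, both survive it. Encoding the five significant characters at output time neutralises all three because the reflected text can no longer open a tag or close an attribute, which is the check to apply when auditing a search page rather than asking whether a particular string is blocked.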
