SEARCH RESULTS
 
Showing 1-10 of 77 records
SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle
 
...XSS Filter feature in IE8 I asked some other members of the SDL blog team why aren't we talking about the new XSS Filter feature on the SDL blog? Bryan and Jeremy said something like that's a mitigation that only applies to specific clients and a subset of attacks. So we didn't cross-reference IE's XSS Filter post on the SDL blog at the time....

XSS Comedy at McAfee Secure's Expense

2008-06-30 21:10:00 by Russ McRee in HolisticInfoSec.org
 
...XSS vulnerabilities in a site that is required to meet PCI DSS standards means that the site IS NOT PCI COMPLIANT. Very simple, right? Let's consider the McAfee Secure/Hacker Safe-branded site for Organize-It. A seemingly handy site, perfect for your HGTV types, likely with healthy credit card limits. Uh-oh, here it comes. Oh yes, Organize-It...

1&1 Internet Customers Vulnerable to XSS

2007-12-30 21:15:23 by RSnake in ha.ckers.org web application security lab
 
...XSS. The technique is simple, but it comes from the way in which they present ads based on detection of a file not found. They pop up an iframe based on file name which you can jump out of pretty easily. Not so good. I'm not sure what sort of customers 1&1 Internet provides service for but I'd be unhappy if I were a customer there. Apparently...

Diminutive XSS Worm Replication Contest

2008-01-04 16:28:08 by RSnake in ha.ckers.org web application security lab
 
...XSS worm (with a non-dangerous payload). The diminutive XSS worm replication contest is a week long contest to get some good samples of the smallest amount of code necessary for XSS worm propagation. I'm not interested in payloads for this contest, but rather, the actual methods of propagation themselves. We've seen the live worm code and all of...

Diminutive XSS Worm Contest Drama and Status Update

2008-01-06 17:34:38 by RSnake in ha.ckers.org web application security lab
 
...XSS worm contest. One of my favorites was where I was being compared to arming people with nuclear weapons. Clearly, and admittedly most of these people have no background in the issue and have never read this site or the rest of sla.ckers, as there are lots of samples of existing worm code in lots of places on the Internet now. Just because...

ScanAlert - XSS is Cool with Us

2008-01-21 20:58:57 by Bill in Grumpy Security Guy
 
...XSS because it is really a tricky issue to explain to people that don't understand. It basically boils down to bad people using my website to compromise clients. What they do with those compromised clients can range from fairly benign replicating worms, phishing scams, all the way to total remote control of the end user's browser. The fine...

Obama XSS Silliness

2008-04-22 15:04:10 by Chris Eng in Zero in a bit
 
...XSS vulnerabilities throughout their website. There's no need for me to rehash the story, you can read other articles that describe what happened. My thoughts on the matter are as follows: I wish the media wouldn't refer to this as hacking Obama's website because it's not quite accurate; XSS attacks end users, not the web site itself. Clearly one...

XSS and PCI: Not compliant, or Hacker Safe

2008-01-18 11:43:00 by Russ McRee in HolisticInfoSec.org
 
...XSS that are certified McAfee Hacker Safe, there is more to this story. Of the additional sites listed in Thomas Claburn's recent Information Week article, many take credit cards online and are thus required to comply with PCI DSS 1.1. If a website is vulnerable to XSS, THE COMPANY IS NOT PCI COMPLIANT. Supporting language from the Payment Card...

CIAC Tech Bulletin on XSS a valuable reference

2008-06-10 10:21:00 by Russ McRee in HolisticInfoSec.org
 
...XSS), is that it should have been released a year ago or more. But rather than nitpick, I'd like to applaud. This is a fine effort, with a number of good resources cited. You'll find content on the types of cross-site scripting, including DOM, non-persistent, persistent, and CSRF. Additionally, you'll note methods of protection and reference...

Orkut XSS Worm

2007-12-20 16:18:37 by RSnake in ha.ckers.org web application security lab
 
...XSS worm. Orkut is Google's version of social networking. It was big for a while, but I think everyone bailed in favor of the more open MySpace and Facebooks of the world. It's still widely used by the Portuguese population though. Rough estimates are north of 300,000 people compromised, even though it was caught relatively quickly. It's amazing...