SEARCH RESULTS

Showing 1-10 of 94 records

Online Finance Flaw: TIAA-CREF XSS & Potential CSRF

2008-12-03 09:42:00 by Russ McRee in HolisticInfoSec.org

...XSS) vulnerability in a site that is of high value to phishing attackers. With such a vulnerability available, the prospect of success for a phisher is much higher, given that the malicious URL they would craft could include the actual target domain, rather than a faked misrepresentation. A simple script insertion at the vulnerable variable...

SDL and the XSS Filter

2008-08-27 15:35:00 by sdl in The Security Development Lifecycle

...XSS Filter feature in IE8. I asked some other members of the SDL blog team why aren't we talking about the new XSS Filter feature on the SDL blog? Bryan and Jeremy said something like that's a mitigation that only applies to specific clients and a subset of attacks. So we didn't cross-reference IE's XSS Filter post on the SDL blog at the time....

SDL and the XSS Filter, Revisited

2008-09-08 20:18:00 by sdl in The Security Development Lifecycle

...XSS Filter last week, I feel obligated to clarify my position. I believe that the SDL blog is mainly for development teams; after all, development is the D in SDL. Now, development teams are made up of more than just developers. Development teams include everyone involved in the development process from management on down. But development...

XSS Comedy at McAfee Secure's Expense

2008-06-30 21:10:00 by Russ McRee in HolisticInfoSec.org

...XSS vulnerabilities in a site that is required to meet PCI DSS standards means that the site IS NOT PCI COMPLIANT. Very simple, right? Let's consider the McAfee Secure/Hacker Safe-branded site for Organize-It. A seemingly handy site, perfect for your HGTV types, likely with healthy credit card limits. Uh-oh, here it comes. Oh yes, Organize-It...

1&1 Internet Customers Vulnerable to XSS

2007-12-30 21:15:23 by RSnake in ha.ckers.org web application security lab

...XSS. The technique is simple, but it comes from the way in which they present ads based on detection of a file not found. They pop up an iframe based on file name which you can jump out of pretty easily. Not so good. I'm not sure what sort of customers 1&1 Internet provides service for, but I'd be unhappy if I were a customer there. Apparently...

Diminutive XSS Worm Replication Contest

2008-01-04 16:28:08 by RSnake in ha.ckers.org web application security lab

...XSS worm (with a non-dangerous payload). The diminutive XSS worm replication contest is a week-long contest to get some good samples of the smallest amount of code necessary for XSS worm propagation. I'm not interested in payloads for this contest, but rather, the actual methods of propagation themselves. We've seen the live worm code and all of...

Diminutive XSS Worm Contest Drama and Status Update

2008-01-06 17:34:38 by RSnake in ha.ckers.org web application security lab

...XSS worm contest. One of my favorites was where I was being compared to arming people with nuclear weapons. Clearly, and admittedly, most of these people have no background in the issue and have never read this site or the rest of sla.ckers, as there are lots of samples of existing worm code in lots of places on the Internet now. Just because...

ScanAlert - XSS is Cool with Us

2008-01-21 20:58:57 by Bill in Grumpy Security Guy

...XSS because it is really a tricky issue to explain to people that don't understand. It basically boils down to bad people using my website to compromise clients. What they do with those compromised clients can range from fairly benign replicating worms, phishing scams, all the way to total remote control of the end user's browser. The fine...

Obama XSS Silliness

2008-04-22 15:04:10 by Chris Eng in Zero in a bit

...XSS vulnerabilities throughout their website. There's no need for me to rehash the story; you can read other articles that describe what happened. My thoughts on the matter are as follows: I wish the media wouldn't refer to this as hacking Obama's website because it's not quite accurate; XSS attacks end users, not the web site itself. Clearly one...

XSS and PCI: Not compliant, or Hacker Safe

2008-01-18 11:43:00 by Russ McRee in HolisticInfoSec.org

...XSS that are certified McAfee Hacker Safe, there is more to this story. Of the additional sites listed in Thomas Claburn's recent Information Week article, many take credit cards online and are thus required to comply with PCI DSS 1.1. If a website is vulnerable to XSS, THE COMPANY IS NOT PCI COMPLIANT. Supporting language from the Payment Card...