xss Resources

Did you mean XSS (88 results)

ZDNet Dictionary Definition

XSS: (CROSS-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a...; Full XSS Definition >>

ZDNet Resources

Mozilla tackles XSS vulnerabilities with new technology: Mozilla tackles XSS vulnerabilities with new technologysounds kinda like SPF, but for JavaScriptVery cool!On another note, any idea's why Firefox doesn't take advantage of the Sandbox framework provided by Vista?Is it because of Vista's market share, to ease cross platform porting, or something else?It's JavaScript not Java ScriptSome purists might...; Tags: Scripting languages, Web browsers, JavaScript, XSS Vulnerability, XSS, Mozilla Corp.; Discussion threads 2009-06-22
Mozilla tackles XSS vulnerabilities with new technology: Mozilla's security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting XSS plague against modern Web browsers. The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for...; Tags: Vulnerability, XSS, Web Browser, Mozilla Corp., Web Browsers, Internet, Ryan Naraine; Blog posts 2009-06-22
StrongWebmail CEO's mail account hacked via XSS: StrongWebmail CEO's mail account hacked via XSSXSS is one way to do it.. But the telephone authentication is still a flawed 2-factor authentication method.Well, I was really hoping I'd get to it before Lance did, my hat's off to you brother. I would have just attacked it form the phone...; Tags: Telecom & Utilities, phone, XSS, StrongWebMail; Discussion threads 2009-06-04
StrongWebmail CEO's mail account hacked via XSS: A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail using persistent cross-site scripting XSS vulnerability and are now claiming the bounty. ...; Tags: XSS, CEO, E-mail, Online Communications, Ryan Naraine; Blog posts 2009-06-04
Five 'must-secure' Web app vulnerabilities: Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead...; Tags: Novell Inc., Apache Geronimo, Attacker, Vulnerability, XSS, Web Application, SAP AG, Attack, Authentication Credential, SAP cFolders SAP cFolders, CS Whois Lookup CS Whois Lookup, Security, Ryan Naraine; Blog posts 2009-04-29

Twitter worm author gets a job at exqSoft Solutions: UPDATE: Mikeyy Mooney of Stalk Daily gets Hacked. Here's more info. Now that was so fast that even Owen Thor Walker AKILL and Michael Calce Mafiaboy should envy the short cybercrime-to-job offer cycle here. 17 years old Mikeyy Mooney, the author/spreader of StalkDaily/Mickeyy XSS worm that exploited...; Tags: Job, Web, XSS, Web Application, Worm, Twitter, Cloud Computing, Cyberthreats, Channel Management, Security, Viruses And Worms, Marketing, Dancho Danchev; Blog posts 2009-04-17
Twitter hit by multiple variants of XSS worm: Twitter hit by multiple variants of XSS wormYou're behind the times...This has already hit the /. community two days ago and most of the talk has been the usual "tar & feather" kind for the 17 year old that had created this particular worm. Especially given that at least...; Tags: Cyberthreats, Viruses and worms, SECURITY, worm, XSS worm, multiple variant, XSS, Twitter; Discussion threads 2009-04-14
Twitter hit by multiple variants of XSS worm: During the weekend and early Monday, at least four separate variants of the original StalkDaily.com XSS worm hit the popular micro-blogging site Twitter,Â automatically hijacking accounts and advertising the author's web site by posting tweets on behalf of the account holders, by exploiting cross site scripting flaws at the site....; Tags: Flaw, XSS, Worm, Twitter, www.StalkDaily.com, Mikeyy XSS, Cyberthreats, Viruses And Worms, Security, Dancho Danchev; Blog posts 2009-04-14
Google downplays severity of Gmail CSRF flaw: Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since according to Diaz the session cookie is automatically sent by...; Tags: Google Inc., Google Gmail, Password, Flaw, Vulnerability, XSS, CSRF Flaw, E-mail Providers, Cloud Computing, Security, Internet, Dancho Danchev; Blog posts 2009-03-04
URL rewriting can help thwart Web app attacks: A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting XSS and cross-site request forgery XSRF attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting...; Tags: Hyperlink, Attacker, Vulnerability, XSS, Web Application, Attack, Microsoft Web Application Security Specialist, Bryan Sullivan, E-mail, Security, Online Communications, Ryan Naraine; Blog posts 2009-02-27
Flaw exposes Chrome, Firefox to clickjacking: Flaw exposes Chrome, Firefox to clickjackingStonewalling over IE???How about the flaw in IE 6? IE 7?? After all, most users would be on one of those...not IE 8. LOVE how the headline leaves IE out and focuses on Chrome and Firefox.Whoa!Microsoft actually on top of security issues...; Tags: Web browsers, Spyware, adware & malware, Cyberthreats, SECURITY, Viruses and worms, Anti-spyware tool, NoScript, Microsoft Internet Explorer, malware, Mozilla Firefox, Web browser; Discussion threads 2009-01-29
First look - Internet Explorer 8 RC1: Yesterday Microsoft made available Internet Explorer 8 RC1 (release candidate 1), which means that as far as Microsoft is concerned, IE8 is cooked and that barring anything major, this will become the final release. So, what's the new browser like? by Adrian Kingsley-Hughes; Tags: XSS, Microsoft Internet Explorer, Web Browser, IE8, Web Browsers, Internet, Adrian Kingsley-Hughes; Blog posts 2009-01-27
MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200): Cross-site scripting attacks are one of the most common attack vectors that plague Web applications. This webcast provide an overview of the tools designed for discovery and mitigation of cross-site scripting vulnerabilities in Microsoft .NET applications. Specifically, it looks at CAT.NET, which is a static code analysis tool developed by...; Tags: Microsoft Developer Network, Webcast, XSS, Microsoft Corp., Cross-site Scripting Attack; Webcasts 2009-01-09
Four XSS flaws hit Facebook: Four XSS flaws hit FacebookDon't worry, it's not like anyone says that web/cloud apps are the future; Tags: XSS FLAWS, XSS, Facebook; Discussion threads 2008-12-15
Four XSS flaws hit Facebook: Project XSSed, the clearing house for cross site scripting flaws has just released details on four flaws affecting Facebook's developers page, iPhone login page and the new users registration page, potentially assisting malicious attackers into adding more legitimacy to their campaigns. With yet another critical XSS flaw hitting Facebook in...; Tags: Social Networking, Facebook, Flaw, XSS, Malware, Social Engineering, Security, Dancho Danchev; Blog posts 2008-12-15
Google fixes critical XSS vulnerability: Google fixes critical XSS vulnerabilityYour first sentence says what? ntntRe: Your first sentence says what?http://en.wikipedia.org/wiki/All_your_base_are_belong_to_us in the sense that they fixed it fast enough before someone could abuse it.Wow, really?We really need to get better at 'passing the torch' or all the old traditions will die. You never heard...; Tags: XSS Vulnerability, XSS, Google Inc.; Discussion threads 2008-11-12
Google fixes critical XSS vulnerability: All your accounting data are not belong to us. Hours after a proof of concept example detailing a XSS vulnerability at Google's account login page was posted at the XSS Project's clearing house, the company quickly took notice and fixed it. "Security researcher "Xylitol" is...; Tags: Google Inc., Vulnerability, XSS, XSSed, Security, Dancho Danchev; Blog posts 2008-11-12
HotJobs site flaw leads to Yahoo account theft: See update below for statement from Yahoo. Malicious hackers are exploiting a cross-site scripting flaw on Yahoo's HotJobs site to phish for Yahoo credentials, according to a warning from Netcraft. In the ongoing attack, Netcraft discovered that the vulnerability allows the attacker...; Tags: Attacker, Flaw, Yahoo! Inc., XSS, Authentication, HotJobs, Netcraft, Security, Ryan Naraine; Blog posts 2008-10-27
The open source opportunity in web advertising: Changes in IE8 and pre-beta comments aboujt IE9 suggest that the day is coming when pages assembled from multiple sources will always be considered untrusted and some of the content automatically removed. This poses a big problem for web advertisers and content assemblers - a problem that spells an...; Tags: Web, Web Advertising, Advertisement, Open Source, XSS, Advertiser, Phishing, Microsoft Windows, Cyberthreats, Security, Spam And Phishing, Operating Systems, Software, Paul Murphy; Blog posts 2008-10-02
What Is Cross Site Scripting (XSS)?: High availability is a system design protocol and associated implementation that ensures a certain absolute degree of operational continuity during a given measurement period. Cross site scripting also known as XSS occurs when a web application gathers malicious data from a user. The data is usually gathered in the form...; Tags: XSS, SecPoint; White papers 2008-09-13