XSS

Tag details

Welcome to the 'XSS' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'XSS'.

Latest blogosphere posts tagged “XSS”

  • HTML5 new XSS vectors
    The Spanner, Authority: 402
    So I posted some new XSS vectors on twitter and I thought I’d share them on the blog in case anyone missed them. Safari, Chrome and Opera all support these now. We have a brand new way of auto executing XSS. Normally when you find an XSS hole within an input element that has filtered you can’t exploit it ...
    3 days ago
  • WP-Cumulus for WordPress – XSS, FPD
    Microsoft Patch Watch, Authority: 157
    Topic: WP-Cumulus for WordPress - XSS, FPD. CVE: CVE-2009-4168, CVE-2009-4170. CWE: CWE-79, CWE-200. Security Risk: Medium ...
    5 days ago
  • Safer Online Shopping with Internet Explorer 8
    Technology Info, Authority: 454
    Yesterday was what is known as “Cyber Monday,” which is the first Monday after Black Friday every year and is one of the top online shopping days here in the United States. Cyber Monday is when people move to the Web to make purchases they missed in stores during Black Friday. And many online retailers ...
    1 week ago
  • Internet Explorer 8 delivered over 275 Million malware blocks
    D' Technology Weblog, Authority: 527
    There’re 3 major threats people shopping online should be aware of: Malware, Cross-site Scripting (XSS), and ClickJacking. “Internet Explorer 8 protects against each of these threats via SmartScreen. To date, IE8 has delivered over 275 Million malware blocks. And as of Sep., IE8 is blocking 1 in every 200 ...
    1 week ago
  • REI: vulnerability remediation done wrong
    HolisticInfoSec.org, Authority: 113
    Part 2 of 2 of Vulnerability remediation done * It makes me sad to use REI as another example of the wrong way to manage vulnerability disclosure; I am a member who is fond of their stores and products. I will not name names or blather on about negligence. Rather, I will let the facts simply speak for ...
    1 week ago
  • Pligg pluggs holes: vulnerability remediation done right
    HolisticInfoSec.org, Authority: 113
    Part 1 of 2 of Vulnerability remediation done * Often, when I disclose web application vulnerabilities to Secunia, who in turn works with vendors to drive mitigation and remediation, we are met with vendors who don't reply, don't care, or don't fix. Yet, once in a rare while a vendor chooses the righteous ...
    1 week ago
  • Trade Secrets and Confidential Information
    Information Security Resources, Authority: 517
    By John Watkins, Attorney with Chorey, Taylor & Feil. We have addressed the importance of trade secrets and confidential information previously on this blog and in our series of podcasts. We have discussed huge jury verdicts that have recently come down against companies found to have violated ...
    1 week ago
  • Fun with fake Flash: an Abode update you don't want
    HolisticInfoSec.org, Authority: 113
    Jericho of Attrition.org (support the Open Security Foundation!) recently asked the VIM mailing list a question: Adobe Flash - vuln or just "design"? The question, inspired by Mike Bailey's work for Foreground Security, leads to healthy debate, including press and vendor response. But, ironically, the same day ...
    1 week ago
  • Writing Secure WordPress Plugins talk by Mark Jaquith
    Infinite Pig Theorem, Authority: 119
    Continuing my notes and remarks from WordCamp, I attended Writing Secure Plugins, which was given by Mark Jaquith (@markjaquith on Twitter). I found the talk to be also slightly introductory on security matters but nicely oriented to WordPress plugins and general PHP Web app development. I believe most of ...
    2 weeks ago
  • Facebook Hit With A New Clickjacking Worm
    CyberInsecure.com, Authority: 127
    The attack began when a victim encountered the image of the near-naked woman on a friend’s profile page along with the words “Want 2 C something hot? Click da button, baby!” Facebookers who took the bait - and were logged in to their accounts at the time - found their profile pages were updated to [...]
    2 weeks ago
  • Wanna C Somthin HOT!?? Click Da Button, Baby!
    Computerworld Blogs, Authority: 146
    A new Facebook clickjacking worm is doing the rounds. And this one's fiendishly clever. In IT Blogwatch, bloggers are wary of Greeks bearing gifts.
    2 weeks ago
  • Twitter misidentifying context
    The Spanner, Authority: 402
    This is an important post for me, not because it’s ground breaking but people don’t seem to get this when using data in certain context. If you are a dev please read this and read it until you understand it because if you misidentify context you fail and you fail pretty badly. I reported this to twitter about two ...
    2 weeks ago
  • Bypassing CSP for fun, no profit
    The Spanner, Authority: 402
    I had fun at Confidence 2.0 CON, I’m gonna blog about the stuff I was holding back now. So I figured out how to bypass CSP with UTF-7 and JSON. Basically any site with a JSON feed that can be manipulated by an attacker (reflective or persistent) can be injected with even in a correctly escaped JSON feed. UTF-7 can be ...
    2 weeks ago
  • Major IE8 flaw makes safe sites unsafe
    Simon Willison's Weblog, Authority: 616
    Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can ...
    2 weeks ago
  • Internet Security News: Week in Review
    HomeATM, Authority: 446
    Internet Security News: Week in Review. EU security agency highlights cloud computing risks (from NetworkWorld at 21-11-2009). Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from ...
    2 weeks ago
  • The Value of Self-Serving Code - Elizabeth Naramore
    Computer & Internet - computer-internet.marc8.com, Authority: 169
    It's Friday night. I'm writing code. Not good code, mind you. Crappy code. Completely self-serving code that serves only one purpose: to solve a problem I alone have. No one else will see this code. No one else will use this mini-app. I'm writing it for myself and myself alone.
    2 weeks ago
  • IE’s XSS Filter Creates XSS Vulnerabilities
    hackademix.net, Authority: 399
    Internet Explorer 8’s famous XSS filter can be exploited to perform successful XSS attacks against web sites which would be otherwise safe. In other words, XSS “protection” is helping XSS attackers, oh the irony. Well, this is not exactly news among security researchers, but those aware of the details ...
    2 weeks ago
  • IE8 XSS Filter Bug
    ...Application Security..., Authority: 111
    The Register just ran an article (IE8 bug makes safe sites unsafe) talking about a flaw in Internet Explorer 8's XSS filtering. I have researched the IE8 filter in the past and provided some of my thoughts on the matter. As the article correctly states, I'm not aware of the actual flaw that has been discovered. ...
    2 weeks ago
  • Effective Security Policy Messaging Important
    Information Security Resources, Authority: 517
    By Christopher Burgess, Senior Security Adviser. End users tuning you out? Here’s a three-step process for taking human factors into account in your security program (and even using them to your advantage). Let us begin with the premise that security policies exist to protect an entity’s assets as it ...
    2 weeks ago
  • Whitepaper Review - Preventing Security Development Errors: Lessons Learned at Windows Live by Using ASP.NET MVC
    HolisticInfoSec.org, Authority: 113
    As part of a security team that cares deeply about the well-being of Windows Live, I was extremely pleased to review a paper written by web application security specialists for whom I have deep respect. Preventing Security Development Errors: Lessons Learned at Windows Live by Using ASP.NET MVC was written by a ...
    2 weeks ago
