xss
Tag details
Welcome to the 'xss' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'xss'.
Latest blogosphere posts tagged “xss”
-
Congressional Leak Spotlights P2P User Act
Information Security Resources —
Authority: 427
By Robert Siciliano, Identity Theft Expert Congress is still considering the Informed P2P User Act, a law that would supposedly make it safer to use peer-to-peer file sharing software, an effort that is similar to banning mosquitoes from sucking blood. It just isn’t happening. The only foolproof way ...11 hours ago -
Evaluating Corporate Social Media Strategies
Information Security Resources —
Authority: 427
Daniel Wallace, Information Security Consultant at Grow Forward How vendors, integrators and consultants can position themselves to support CISOs with corporate social media adoption… In the past I have written articles and advised CISOs on how social media technology can be used as a vehicle ...1 day ago -
Ten Common Identity Theft Myths Dispelled
Information Security Resources —
Authority: 427
By Robert Siciliano, Identity Theft Expert The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths. To support their efforts, the Santa Fe Group Vendor Council Awareness and Education Subcommittee has helped to clarify some ...2 days ago -
Federal Statutes Aid Trade Secret Prosecution
Information Security Resources —
Authority: 427
By John Watkins, Attorney with Chorey, Taylor & Feil The protection of trade secrets through litigation has generally been limited to civil lawsuits, typically filed under state law statutory or common law provisions. This is true even though federal and state statutes have provided criminal penalties ...3 days ago -
PayPal is Safer with NoScript
hackademix.net —
Authority: 400
Strict Transport Security (STS) has gone live on PayPal yesterday. STS is a simple yet effective system for web sites requiring high safety levels, e.g. payment gateways or financial institutions, to force HTTPS connections on every request originated by supporting browsers. It is currently supported by NoScript ...5 days ago -
Newfangled cookie attack steals/poisons website creds
Windows 2008 Security —
Authority: 151
Google, Facebook risk A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set. Go here to read the rest: Newfangled cookie attack steals/poisons website creds ...6 days ago -
Social Media Scams Plague Networks
Information Security Resources —
Authority: 427
By Robert Siciliano, Identity Theft Expert For the past year, I’ve been screaming about the trouble with social media as it relates to identity theft, brand hijacking, privacy issues, and the opportunity social media creates for criminals to “friend” their potential victims in order to create a false ...6 days ago -
Browser Protocol Weakness Allows Theft/Poisoning Of Website Credentials
CyberInsecure.com —
Authority: 126
A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set. The weakness stems from RFC 2965, which dictates that browsers must allow subdomains (think www.google.com) to set ...1 week ago -
Apple's iTunes Affiliates site briefly subjected to image swaps
The Unofficial Apple Weblog (TUAW) —
Authority: 782
Filed under: Hacks, iTunes, Apple Our friends over at OS X Daily passed along their story noting that Apple's site for iTunes Affiliates was vulnerable to a cross-site URL trick, letting you substitute your own images for the ones normally displayed on the page. Since the site is intended to let websites ...1 week ago -
Apple’s iTunes Affiliates site briefly subjected to image swaps
Sell Off Music —
Authority: 162
Filed under: Hacks, iTunes, Apple Our friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a cross-site URL trick, letting you substitute your own images for the ones normally displayed on the page. Since the site is intended to let ...1 week ago -
Watcher: Spotting dubious webishness
HolisticInfoSec.org —
Authority: 103
November's toolsmith features Watcher, a great passive security auditor from Chris Weber of Casaba Security, that detects web application security issues as well as operational configuration concerns. Watcher plugs neatly into Fiddler, an indispensable proxy that should be an inherent part of your web ...1 week ago -
Secure Web Hosting
Security Watch —
Authority: 557
Even after the death of the free Geocities service, web hosting can be had for very cheap, with real plans starting at even a few dollars a month. But what are you getting for that kind of money? In terms of security, not a whole lot. Most sophisticated attacks against web sites these days aren't the sort of thing that ...1 week ago -
Cross-Site Scripting Attack and Defense Revisited
??'s Blog —
Authority: 120
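This article was published in 《黑客防线》 (Hacker Defense). Author: Xylitol. Translator: riusksk. Contents: 0x100 The Cross Frame Scripting | 0x110 Theory | 0x111 Sample vulnerable code | 0x112 Writing secure code | 0x200 Header for fun and profit | 0x210 Cross Agent Scripting | 0x211 First XAS vulnerable code | 0x212 ...2 weeks ago -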
pxss.py: Pure Python to access libXss via ctypes
make YJL —
Authority: 112
pxss.py is a replacement of PyXSS/src/__init__.py, but not entire PyXSS. You can have IdleTracker, XSSTracker, and get_info(), and that's all. It accesses libXss.so via ctypes. You only need to put it with your script without installation or compilation. A quick example of getting the idle time: ...2 weeks ago -
Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool
Darknet - The Darkside —
Authority: 466
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that ...2 weeks ago -
Web Protection Library (WPL) – Evolution of Anti-XSS Library
D' Technology Weblog —
Authority: 546
Microsoft is actively developing the next iteration of Anti-XSS library and Security Runtime Engine (SRE) with added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the Web Protection Library or WPL. WPL now includes encoding ...3 weeks ago -
Microsoft Anti-XSS Library v3.1 Released
cyphersec —
Authority: 103
The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. How does a cross-site scripting (XSS) vulnerability occur? An example is when a web application does not encode the output that is sent to the browser, this can make the ...3 weeks ago -
Court Limits Confidentiality in Civil Litigation
Information Security Resources —
Authority: 427
By John Watkins, Attorney with Chorey, Taylor & Feil The Hon. Owen Forrester, Senior Judge of the United States District Court for the Northern District of Georgia, recently announced a new case management procedure that will limit the parties from consenting to blanket protective orders to protect the ...4 weeks ago -
Liberté, Accessibilité and Securité – that was Paris Web 2009
Wait till I come! —
Authority: 520
Last week I went to Paris, France to speak at a Yahoo Developer Network event and Paris Web. Paris Web is a web development, design and accessibility conference that runs for the fourth year (I think) and I’ve been speaking there for the third time. My presentation – basic housekeeping Originally I planned to ...4 weeks ago -
Firefox 3.7 with improved content security features
D' Technology Weblog —
Authority: 546
Firefox 3.7 "Minefield" is capable of restricting certain classes of embedded code from execution, and Web sites can advertise to browsers in advance which classes of code its pages contain. The end result, the developers of Mozilla's Content Security Policy (CSP) hope, is that policy-enhanced browsers will be ...5 weeks ago