xss
Welcome to the 'xss' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'xss'.
Latest blogosphere posts tagged “xss”
High Ranking Websites Spread Malware Through Cross-Site Scripting Vulnerabilities
CyberInsecure.com —
Authority: 128
Malware purveyors are exploiting web vulnerabilities in appleinsider.com, lawyer.com, news.com.au and a dozen other sites to foist rogue anti-virus on unsuspecting netizens. The ongoing attacks are notable because they use exploits based on XSS, or cross-site scripting, to hide malware links inside the URLs of trusted ... (2 days ago)
Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET
Darknet - The Darkside —
Authority: 456
CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within ... (4 days ago)
Experimenting With WASC Threat Classification Views: Vulnerability Root Cause Mapping
CGISecurity - Website and Application Security News —
Authority: 114
I currently lead the WASC Threat Classification Project and we're expecting to publish our latest version next month. One of the biggest changes between the TCv2 and TCv1 is that we're doing away with single ways to represent the data. In the TCv1 we had a single tree structure to convey appsec ... (4 days ago)
XSS Attack your database to detect missing Output Encoding
parallelthinking —
Authority: 439
Cross Site Scripting (XSS) attacks must be one of the most popular types of attack against websites these days, with maybe only SQL Injection attacks getting more attention than that. XSS Attacks: The concept is quite simple for Persistent Attacks. User A attacks a website and via some vulnerability, it manages to push an ... (1 week ago)
HTML5 new XSS vectors
The Spanner —
Authority: 402
So I posted some new XSS vectors on twitter and I thought I'd share them on the blog in case anyone missed them. Safari, Chrome and Opera all support these now. We have a brand new way of auto executing XSS. Normally when you find an XSS hole within an input element that has been filtered, you can't exploit it ... (1 week ago)
WP-Cumulus for WordPress – XSS, FPD
Microsoft Patch Watch —
Authority: 157
Topic: WP-Cumulus for WordPress - XSS, FPD. CVE: CVE-2009-4168, CVE-2009-4170. CWE: CWE-79, CWE-200. Security Risk: Medium ... (2 weeks ago)
Safer Online Shopping with Internet Explorer 8
Technology Info —
Authority: 450
Yesterday was what is known as "Cyber Monday," which is the first Monday after Black Friday every year and is one of the top online shopping days here in the United States. Cyber Monday is when people move to the Web to make purchases they missed in stores during Black Friday. And many online retailers ... (2 weeks ago)
Internet Explorer 8 delivered over 275 Million malware blocks
D' Technology Weblog —
Authority: 545
There are three major threats people shopping online should be aware of: Malware, Cross-site Scripting (XSS), and ClickJacking. "Internet Explorer 8 protects against each of these threats via SmartScreen. To date, IE8 has delivered over 275 Million malware blocks. And as of Sep., IE8 is blocking 1 in every 200 ... (2 weeks ago)
REI: vulnerability remediation done wrong
HolisticInfoSec.org —
Authority: 109
Part 2 of 2 of Vulnerability remediation done *. It makes me sad to use REI as another example of the wrong way to manage vulnerability disclosure; I am a member who is fond of their stores and products. I will not name names or blather on about negligence. Rather, I will let the facts simply speak for ... (2 weeks ago)
Pligg pluggs holes: vulnerability remediation done right
HolisticInfoSec.org —
Authority: 109
Part 1 of 2 of Vulnerability remediation done *. Often, when I disclose web application vulnerabilities to Secunia, who in turn works with vendors to drive mitigation and remediation, we are met with vendors who don't reply, don't care, or don't fix. Yet, once in a rare while a vendor chooses the righteous ... (2 weeks ago)
Trade Secrets and Confidential Information
Information Security Resources —
Authority: 471
By John Watkins, Attorney with Chorey, Taylor & Feil. We have addressed the importance of trade secrets and confidential information previously on this blog and in our series of podcasts. We have discussed huge jury verdicts that have recently come down against companies found to have violated ... (2 weeks ago)
Fun with fake Flash: an Abode update you dont want
HolisticInfoSec.org —
Authority: 109
Jericho of Attrition.org (support the Open Security Foundation!) recently asked the VIM mailing list a question: Adobe Flash - vuln or just "design"? The question, inspired by Mike Bailey's work for Foreground Security, leads to healthy debate, including press and vendor response. But, ironically, the same day ... (3 weeks ago)
Writing Secure WordPress Plugins talk by Mark Jaquith
Infinite Pig Theorem —
Authority: 106
Continuing my notes and remarks from WordCamp, I attended Writing Secure Plugins, which was given by Mark Jaquith (@markjaquith on Twitter). I found the talk to be also slightly introductory on security matters but nicely oriented to WordPress plugins and general PHP Web app development. I believe most of ... (3 weeks ago)
Facebook Hit With A New Clickjacking Worm
CyberInsecure.com —
Authority: 128
The attack began when a victim encountered the image of the near-naked woman on a friend's profile page along with the words "Want 2 C something hot? Click da button, baby!" Facebookers who took the bait - and were logged in to their accounts at the time - found their profile pages were updated to [...] (3 weeks ago)
Wanna C Somthin HOT!?? Click Da Button, Baby!
Computerworld Blogs —
Authority: 145
A new Facebook clickjacking worm is doing the rounds. And this one's fiendishly clever. In IT Blogwatch, bloggers are wary of Greeks bearing gifts. (3 weeks ago)
Twitter misidentifying context
The Spanner —
Authority: 402
This is an important post for me, not because it's ground breaking but people don't seem to get this when using data in certain context. If you are a dev please read this and read it until you understand it, because if you misidentify context you fail and you fail pretty badly. I reported this to twitter about two ... (3 weeks ago)
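The two posts above share one lesson: stored data must be encoded on output, and the encoder must match the context the data lands in. The following is an added JavaScript example written for this page; it is not code from parallelthinking, The Spanner, or any other blog listed here. It shows the "attack your database" idea from the parallelthinking post (seed rows with per-context XSS probes and see which rendering path lets them through verbatim) next to the "misidentified context" failure from The Spanner post (HTML entity encoding applied everywhere, which does nothing for a javascript: URL in an href). The row data, sink names and helper functions are all constructed for the illustration.

```javascript
// Added example, not from any post on this page.
// (1) seed stored data with XSS probes so an unencoded sink reveals itself;
// (2) encode per output context: HTML text, quoted attribute, URL, JS string.

// Constructed sample rows, as if inserted into the application's database.
// Each payload is written for the context the page will place that field in.
const seededRows = [
  { id: 1, context: 'text', payload: '<script>alert(1)</script>' },
  { id: 2, context: 'attr', payload: '" onmouseover="alert(2)' },
  { id: 3, context: 'url',  payload: 'javascript:alert(3)' },
  { id: 4, context: 'js',   payload: "'; alert(4); //" },
];

// HTML text and quoted-attribute context: entity-encode the five metacharacters.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// URL context: entity encoding cannot neutralise a javascript: scheme, so the
// scheme is validated first; anything unexpected becomes a harmless link.
function encodeForUrlAttribute(s) {
  const url = String(s).trim();
  if (!/^https?:\/\//i.test(url)) return 'about:blank';
  return encodeForHtml(url);
}

// JavaScript string-literal context: JSON.stringify yields a quoted,
// backslash-escaped literal; "<", ">" and "'" are additionally \u-escaped so
// the value can neither close the enclosing <script> nor break a single-quoted
// literal if a template uses one.
function encodeForJsString(s) {
  return JSON.stringify(String(s))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/'/g, '\\u0027');
}

// Vulnerable page: raw interpolation into every sink.
const renderVulnerable = {
  text: v => `<p>Hello ${v}</p>`,
  attr: v => `<input value="${v}">`,
  url:  v => `<a href="${v}">home</a>`,
  js:   v => `<script>var user = '${v}';</script>`,
};

// Misidentified context: one HTML encoder for everything. The text and
// attribute sinks are fixed, but the URL payload contains no HTML
// metacharacters and survives untouched inside href.
const renderHtmlEncodedEverywhere = {
  text: v => `<p>Hello ${encodeForHtml(v)}</p>`,
  attr: v => `<input value="${encodeForHtml(v)}">`,
  url:  v => `<a href="${encodeForHtml(v)}">home</a>`,
  js:   v => `<script>var user = '${encodeForHtml(v)}';</script>`,
};

// Hardened page: the encoder is chosen by the sink's context.
const renderHardened = {
  text: v => `<p>Hello ${encodeForHtml(v)}</p>`,
  attr: v => `<input value="${encodeForHtml(v)}">`,
  url:  v => `<a href="${encodeForUrlAttribute(v)}">home</a>`,
  js:   v => `<script>var user = ${encodeForJsString(v)};</script>`,
};

// Detection step: render each seeded row through the sink it targets and
// report the ids whose payload comes back verbatim, i.e. unencoded for that
// context. Returns an array of row ids.
function findUnencodedSinks(renderers, rows) {
  return rows
    .filter(r => renderers[r.context](r.payload).includes(r.payload))
    .map(r => r.id);
}

console.log(findUnencodedSinks(renderVulnerable, seededRows));            // [1, 2, 3, 4]
console.log(findUnencodedSinks(renderHtmlEncodedEverywhere, seededRows)); // [3]
console.log(findUnencodedSinks(renderHardened, seededRows));              // []
```

The verbatim-survival check is deliberately coarse: it is the same triage the parallelthinking post describes (seed, render, look for the probe), not a proof of exploitability. Its value is in the second result: a site that "HTML-encodes everything" still passes `javascript:alert(3)` straight into an href, which is exactly the kind of context mistake The Spanner post is about.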
Bypassing CSP for fun, no profit
The Spanner —
Authority: 402
I had fun at Confidence 2.0 CON, I'm gonna blog about the stuff I was holding back now. So I figured how to bypass CSP with UTF-7 and JSON. Basically any site with a JSON feed that can be manipulated by an attacker (reflective or persistent) can be injected with even in a correctly escaped JSON feed. Utf-7 can be ... (3 weeks ago)
Major IE8 flaw makes safe sites unsafe
Simon Willison's Weblog —
Authority: 619
Major IE8 flaw makes 'safe' sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages; I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there's a flaw in the feature that can ... (3 weeks ago)
Internet Security News: Week in Review
HomeATM —
Authority: 150
Internet Security News: Week in Review. EU security agency highlights cloud computing risks (from NetworkWorld at 21-11-2009): Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from ... (3 weeks ago)
The Value of Self-Serving Code - Elizabeth Naramore
Computer & Internet - computer-internet.marc8.com —
Authority: 165
It's Friday night. I'm writing code. Not good code, mind you. Crappy code. Completely self-serving code that serves only one purpose: to solve a problem I alone have. No one else will see this code. No one else will use this mini-app. I'm writing it for myself and myself alone. (3 weeks ago)

