Preview builds of Firefox 3.7 are now available for download, offering the first fruits of Mozilla’s efforts to bulletproof systems against cross-site scripting related attacks. At the end of the past month, Brandon Sterne, Mozilla security program manager, revealed that the work necessary to turn the Content S... |
5 October 2009
10:07 GMT |
 |
|
US-based security researcher and open-source developer Brian Mastenbrook announced on his blog that, for the last month, he worked together with security experts at RubyOnRails to repair an XSS vulnerability in its framework. On that same framework, Internet giants like Twitter, Basecamp, Highrise, Backpack, and Camp... |
4 September 2009
05:47 GMT |
|
|
Adobe Inc. published on the 17th of August 2009 several security fixes for the ColdFusion web design and development platform and also for the web servlet engine JRun. The updates were labeled as critical and resolved several cross-site scripting vulnerabilities that could have compromised and exposed account informa... |
18 August 2009
06:32 GMT |
|
|
The greyhats at Team Elite, who were recently falsely blamed for hacking the MI5 website to steal the personal information of visitors, targeted the newspapers that denigrated them. Members of the outfit responded to the slanderous articles by revealing XSS weaknesses in the websites of The Daily Express and The Tele... |
1 August 2009
04:48 GMT |
|
|
The hackers' assault on security vendors' websites continues with ESET, developer of the popular NOD32 antivirus solution. Multiple websites controlled by the company are vulnerable to cross-site scripting and SQL injection. A hacker calling himself Methodman has published proof-of-concept attacks against ... |
28 February 2009
06:31 GMT |
|
|
Security vendor Kaspersky Labs warns that between 2,000 and 10,000 American and Western European web pages have been hacked in a two-day interval. The cybercriminals responsible for the attack have not been identified yet, but the details of the incident are highly similar to an attack that took place last spring and... |
10 November 2008
05:46 GMT |
|
|
Netcraft, a British company that offers Internet and security services, announced that a phishing attack was compromising Yahoo accounts. According to the company, the attack was using obfuscated JavaScript code injected in the hotjobs.yahoo.com website in order to gather authentication cookies from users accessing t... |
28 October 2008
05:54 GMT |
|
|
As bulletproofed as Internet Explorer 8 will be by default against XSS vulnerabilities, the fact of the matter is that the browser alone will not be able to guarantee the security of end users when it comes down to exploits and attacks using the most widespread type of security holes in web-based applications. &... |
2 September 2008
05:45 GMT |
|
|
A detailed XSS filter architecture and implementation article has been published on the Security Vulnerability Research & Defense blog. The main goal of the XSS filter integrated in IE8 is to prevent exploitation of cross-site scripting vulnerabilities without breaking the web.Cross-site scripting (XSS) is a type of ... |
21 August 2008
06:08 GMT |
|
|
An Australian site has been "hacked" by a computer geek. Nothing bad actually happened, but a lot of people started thinking that the web page had been defaced, as it showed a rather political statement. It said that John Howard liked to suck blood in one case, and d*** in another. This is really funny! Some people ... |
11 October 2007
05:20 GMT |
|
|
Many sites are hackable and malicious users don't sit on their butts - they're always looking for something more than they can exploit. A lot of web pages are vulnerable to cross-site scripting and CSS or XSS, whatever you like to call it, is pretty dangerous. Now, what can you do when you upload a site? We... |
4 September 2007
08:50 GMT |
|
|
