Tuesday, 15 April 2008

Symantec has released on April 8th the most recent and very interesting Internet Security Threat Report (ISTR Volume XIII). Concerning the metric for site-specific XSS vulnerabilities, data is provided by us and is limited to the XSS issues that security researchers submit to the archive.

Monday, 14 April 2008

CCC submitted a critical XSS vulnerability affecting eNom.com - the second largest domain name registrar and web hosting company.

Monday, 31 March 2008

Malicious people spread malware by exploiting XSS vulnerabilities on high profile websites. More specifically they inject an IFRAME which loads malicious content from different IP sources around the globe.

Saturday, 23 February 2008

For those who browsed our site on february 18th, you may have noticed the domain "xssed.com" (.net and .org were unaffected) redirected to a different location than the usual site. A malicious attacker managed to get access to the ENOM reseller account of our registrar (Namecheap) and changed the DNS of this domain, he could have changed the DNS of the other 59,000 domains at this registrar but (according to our information) only did it to ours to get fame, as "xssed.com" might be seen as a "special" site.

Friday, 1 February 2008

Russ McRee has written an open letter to ScanAlert's CEO Ken Leonard, respectfully demanding that they review their way of doing business with the "Hacker Safe" branding , specifically things like leaving vulnerable sites perpetually tagged as "safe".

Wednesday, 30 January 2008

Our friend Nexus from Playhack, launched XSSing.com for all things related to XSS, CSRF and web security related topics.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18