Tuesday, 22 January 2008

Rosario Valotta sent us an interesting article about his discovery on MySpace. It looks like MySpace has launched a mobile version of its portal, this version allows visitors to do pretty much everything, including editing your profile, however this version does absolutely the contrary than the main portal: it filters outputs (when printing the profile content), while the main portal filters inputs (when inserting/modifying profile entries).

Monday, 21 January 2008

Security analyst Russ McRee from Seattle, has posted on his blog why "Hacker Safe" certified websites are not so safe. He has proved against McAfee's statement about the service, which says about web application scans: "the web site is then "deep crawled," including flash embedded links and password protected pages, to find forms and other potentially dangerous "interactive elements." These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection..."

Friday, 18 January 2008

Miroslav Lučinskij of Lithuanian Critical Security team, has shared on full disclosure the details of a new XSS which affects one of the features of Skype. Furthermore, this feature allows the user to add a video into his mood status.

Thursday, 10 January 2008

When XSS vulnerabilities on bank websites are exploited by phishers, is too late to undo the unwanted consequences. According to the news by Paul Mutton of Netcraft, fraudsters used a cross-site scripting vulnerability on the website of Banca Fideuram S.p.A. to spread a phishing scam aiming to steal the account details of customers.

Tuesday, 1 January 2008

Dear XSSed users, Our best wishes for a happy, healthy, secure and prosperous new year for you and your families. :-) Dimitris and Kevin.

Thursday, 20 December 2007

Yesterday, a XSS worm hit Orkut - the famous social networking website, owned by Google. According to some reports, it seems that the permanent XSS (Script Insertion) was found in the HTML messages feature of the "Scrapbook" page, which allows members to leave messages on someone else's profile.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18