SEO Files > XSS - Cross Site Scripting Attacks
[SEO Black Hat] Attackers can inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application - often to gather information from users. Imagine yesterday’s example only more advanced and as part of a phishing scam - (fraud is not cool).
Some related posts from Technorati and Google.
Green Data: This can be some HTML tag to redirect users to his own web page, or a JavaScript that can display an annoying message, steal the user's session ID (their login to that forum), pop up some window asking them about some info and then sending this info (like credit card number, email address, etc.) to some remote location. This attack is not limited to web forums only, as it can target any site that takes input from users and displays this input later, like blog comments, movie reviews, online web chatting systems, online computer games, etc. (via Cosmos)
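An added example, not part of the quoted post or of any site named here: the "takes input from users and displays this input later" case, with the stored comment rendered verbatim and then encoded on output, and an HTML parser used to check what markup a browser would actually see. The comment records, function names and page template are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample comments (not from the page): one benign, two carrying markup.
COMMENTS = [
    {"author": "alice", "body": "Nice post!"},
    {"author": "bob", "body": "<script>alert(1)</script>"},
    {"author": 'eve" onmouseover="alert(1)', "body": "<b>hi</b>"},
]

TEMPLATE = '<div class="comment" title="%s">%s</div>'

def render_unsafe(comment):
    """'Before' form: stored input is concatenated into the page verbatim."""
    return TEMPLATE % (comment["author"], comment["body"])

def render_safe(comment):
    """Encode on output: escape &, <, > and both quote characters so the
    stored text stays data in element and quoted-attribute contexts."""
    author = html.escape(comment["author"], quote=True)
    body = html.escape(comment["body"], quote=True)
    return TEMPLATE % (author, body)

class TagCollector(HTMLParser):
    """Records every start tag and its attribute names as a parser sees them."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, sorted(name for name, _ in attrs)))

def parsed_structure(markup):
    """Return the list of (tag, attribute names) found in the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.seen

if __name__ == "__main__":
    for c in COMMENTS:
        print("unsafe:", parsed_structure(render_unsafe(c)))
        print("safe:  ", parsed_structure(render_safe(c)))
```

A regression test for a comment template can assert that the parsed structure of every rendered comment is exactly the template's own single element, whatever the stored text contains.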
James Kew: Resident Alien: The sheer determined volume of phishing emails I get, every day, trying to con me into giving up my passwords to fake sites, is a huge disincentive for me ever to join eBay or PayPal. If it looks and smells that bad from the outside, I wonder, is it really worth the risk and hassle to be inside? (via Cosmos)
Green Data: Gartner also believes that regulators should impose penalties and fines on service providers that do not safeguard sensitive customer data. "While there are some basic steps that consumers can take to protect their data, such as not sharing passwords, customers should not be held accountable for breaches and hacks beyond their control," said Litan. (via Cosmos)
Quixtar and Beyond - Quixtar, not Quickstar : Spelled Quixtar, Pronounced Quickstar: Whenever I receive a phishing email I send it in to the web site that is being impersonated so that their legal department can address it and I would recommend that you do the same or at least pay very close attention to emails that you receive out of the blue from any financial or other institution. (via Cosmos)
[Stormfrontdevelopment.com] SFGroup Blog | The Official StormFront Development Blog: According to Netcraft, cross-scripting vulnerabilities in the server applications that support many business sites cause some Web pages to ignore various kinds of data--specifically, JavaScript code. That creates an opening for criminals to push their own JavaScript programs onto legitimate Web pages.
[Webstractions.com] Web Development News: October 2004: Salvatore Aranzulla, an Italian journalist who discovered the exploit, says "The flaw allows attackers to target users of the Google Desktop application and modify the contents of search pages by injecting scripts located on external servers. Such cross site scripting attacks provide attackers with a means of obtaining information under the guise of a reputable domain."
[Thisishull.net] Hull Linux User Group - SecurityFocus: [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting