jdh
June 16th, 2007, 05:41 PM
Yahoo! fixes bug that gave free rein to user accounts
All hail the power of the XSS error!
By Dan Goodin in San Francisco
Published Friday 15th June 2007 20:33 GMT
"It's incredibly powerful because it allows the attackers to do anything they want to any website that's vulnerable," says Robert Hansen, a researcher specializing in web-based security who runs the ha.ckers.org blog. "It's not well understood in the development community." Hansen estimates about 80 percent of sites contain one or more XSS flaws.
http://www.theregister.com/2007/06/15/yahoo_xss_error/
As far as I can tell, firewalls provide zero protection against such attacks, and anti-spy and anti-virus only provide partial protection against such attacks. Off-hand, I don't know anything besides the NoScript extension of Firefox that protects against this.
DH