A new addition to the website defacement archive maintained by Zone-h could be the very definition of the term irony.
Devoted to the archiving and tracking of XSS (Cross Site Scripting) vulnerabilities across the Internet, XSSed.com found itself temporarily the victim of a hole in its own site. Although only defaced for a short period of time (the site is fully functional again), it is a timely reminder that no one and no site is immune to the risks of being defaced, compromised, or otherwise featured on any number of archives of security weaknesses.
It is generally accepted that XSS vulnerabilities pose a problem for many sites, though there are still many in the wider Information Technology (and Information Security) communities that refuse to acknowledge the significant risks that an XSS vulnerability can pose (other than the temporary 'uglifying' of a site). Researchers such as RSnake (ha.ckers.org) and pdp (GnuCitizen) have been on the forefront of providing practical examples of the true nature of the risks that XSS vulnerabilities pose.
19 February 2008
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.