washingtonpost
- April 16, 2009
Creating a Public Nuisance with Insecure Web Sites
Thousands of Web sites that were cited last year for harboring security flaws that could be used to attack others online remain a hazard and an eyesore along the information superhighway.

At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user — usually from something like a search box or e-mail form — but do not prevent users from entering malicious code or other instructions. Once the code is entered, the URL that the Web site spits back can then be used for phishing scams. Unlike other scams, the URLs used in these cases look more legitimate.

A typical XSS attack usually goes like this: The bad guys send out e-mails designed to look like they were sent by a trusted e-commerce company. The e-mails instruct recipients to click on a link and update their account information. Instead of


