Thursday, December 22, 2005

XSS on Significant Government Websites

Cross-site scripting is near and dear to my heart, and I think that the XSS Myspace worms and the occasional XSS-powered phishing attack are promoting it from "neat trick" to "annoying vulnerability." So, it's a little troubling when trivial (less than 40 seconds or so) experimentation reveals XSS on significant, high-profile, easily Googleable US government websites.

Now I have to figure out how to deal with disclosing application vulnerabilities to powerful law enforcement agencies without getting shipped off to Poland. Hopefully, it will be easy and painless.

1 Comment:

Blogger Ann-Marie said...

Hi Honneee! Glad to see that you have working comments now. :-)

2:37 PM  
