Source: Whitedust - Posted by Benjamin D. Thomas
Cross-Site Scripting, or XSS for short, is a method used to compromise a user's access to a third-party website in one manner or another. The actual result of the attack - ranging from session theft (you don't log out, and the evildoer returns to the site using your credentials) to elaborate automated account hijacking - is unimportant for the purposes of this discussion. What's important is the understanding that any small vulnerability (in either browser or web service) can easily be escalated into a full-scale, automated, "change your password and empty your PayPal account" attack, given the right time and devotion from the attacker.
XSS is by no means a new attack, and has been explained often before. It has not (to my knowledge), however, been explained in a way that motivates the average WordPress or phpBB2 user to keep the software they use up to date.
Read this full article at Whitedust