Barclays XSS vulnerability comes in handy for scammers and blackhat hackers

Written by Dimitris Pagkalos

Sunday, 11 May 2008

Bank websites that are vulnerable to cross-site scripting are critically susceptible to fraud, and that is a well-documented fact! Strict case management and monitoring of security vulnerabilities should have prevented 100% of site-specific vulnerabilities. Barclays is one of the largest UK banks and a golden target for scammers hunting pound notes. In this case, exploiting trust is an easy game for phishers and blackhat hackers to play.



Hacker Safe or not? Read on, watch the video and vote now!

Written by Dimitris Pagkalos

Monday, 28 April 2008

Russ McRee has again brought up his concerns about the Hacker Safe issue with his latest blog post, titled "Still not Hacker Safe, roll the video". Kevin and I are also annoyed by the fact that McAfee's ScanAlert service is, as Russ pointed out, more like fraudulent marketing fluff than a worthy expense for websites. What do YOU think?



Google Groups vulnerable to cross-site scripting

Written by Dimitris Pagkalos

Sunday, 27 April 2008

mox has discovered a critical XSS (script insertion) vulnerability in Google Groups.



Barack Obama's official site hacked

Written by Dimitris Pagkalos

Friday, 18 April 2008

mox has just submitted a critical script insertion vulnerability affecting my.barackobama.com - Barack Obama's official social networking site for his supporters.



Symantec Internet Security Threat Report (ISTR Volume XIII) highlights

Written by Dimitris Pagkalos

Tuesday, 15 April 2008

On April 8th, Symantec released its most recent, and very interesting, Internet Security Threat Report (ISTR Volume XIII). For the metric on site-specific XSS vulnerabilities, the data is provided by us and is limited to the XSS issues that security researchers submit to the archive.



New eNom XSS vulnerability

Written by Dimitris Pagkalos

Monday, 14 April 2008

CCC submitted a critical XSS vulnerability affecting eNom.com - the second largest domain name registrar and web hosting company.




 

22916 total xss
1189 fixed
1722 xss onhold
399 EW subscribers

