Slashdot Mirror

← Back to Domains

Domain: cgisecurity.com

Stories and comments across the archive that link to cgisecurity.com.

Comments · 196

  1. Sort of, but not quite by Anonymous Coward · · Score: 0 · on PayPal Security Flaw Allows Identity Theft

    The exploit uses the concept of cross-site scripting (XSS, not CSS). XSS can work in some interesting ways to trick users. It's certainly more sophisticated than your typical "www.somerandomsite.com/ebay/login.cgi" phishing schemes you see.

    You can read some more about XSS.

  2. The Cross Site Scripting FAQ by mrkitty · · Score: 5, Informative · on PayPal Security Flaw Allows Identity Theft


    http://www.cgisecurity.com/articles/xss-faq.shtml

  3. This is Cross Site Scripting by Anonymous Coward · · Score: 0 · on Worm Wriggles Through Yahoo! Mail Flaw


    The Cross Site Scripting FAQ

  4. Additional AJAX Security Resources by Anonymous Coward · · Score: 0 · on Is Your AJAX App Secure?


    AJAX Security

  5. The Cross Site Scripting FAQ by Anonymous Coward · · Score: 1, Informative · on LiveJournal XSS Security Challenge


    The Cross Site Scripting FAQ

  6. This is Cross Site Scripting by mrkitty · · Score: 5, Informative · on Details of the LiveJournal Account Hacks

    I've written an FAQ on this type of attack which can be found below.
    The Cross Site Scripting FAQ

  7. Web Vulnerability Links by webappsec · · Score: 0 · on Evolving Phishing Attacks Using Web Vulnerabilities?

    The Web Security Mailing List
    Website Security news
    Website Security news [RSS Feed]

  8. Web Vulnerability Links by webappsec · · Score: 0 · on Evolving Phishing Attacks Using Web Vulnerabilities?

    The Web Security Mailing List
    Website Security news
    Website Security news [RSS Feed]

  9. MySQL Security by webappsec · · Score: -1, Offtopic · on Core Web Application Development with PHP & MySQL


    http://www.cgisecurity.com/database/mysql/

  10. Not linked off of amazon.com, possible phishing? by webappsec · · Score: 1 · on Amazon's Mechanical Turk

    This isn't linked off of www.amazon.com this could be a phishing scam......
    - webappsec
    Web Security

  11. Ajax Security by Anonymous Coward · · Score: 0 · on Ajax Is the Buzz of Silicon Valley


    Ajax Security

  12. The Cross Site Scripting FAQ by webappsec · · Score: 1 · on Cross-Site Scripting Worm Floods MySpace


    Cross Site Scripting

  13. For further reading by Hosiah · · Score: 1 · on Cross-Site Scripting Worm Floods MySpace

    Since I know only about 12 programming languages and use maybe 10 libraries between them all, that makes me next to computer illiterate these days. So I didn't know what XSS was, but found this site: http://www.cgisecurity.com/articles/xss-faq.shtml extremely informative. Including some HEX code that looks like fun!

  14. AJAX Security by webappsec · · Score: 2, Informative · on Open Source AJAX Webmail


    AJAX Security

  15. Incorrect title by Anonymous Coward · · Score: 4, Informative · on IE Flaw Exposes Users To Spoof-Based Attacks

    The problem is with the proxy servers, not IE.
    Read the paper

    Yawn...

  16. Advisory URL by webappsec · · Score: 0 · on IE Flaw Exposes Users To Spoof-Based Attacks

    http://www.cgisecurity.com/lib/XmlHTTPRequest.shtm l

  17. AJAX Security by webappsec · · Score: 0 · on Early AJAX Office Applications

    AJAX Security

  18. MirrorMask Show in Atlanta by mrkitty · · Score: 3, Interesting · on Gaiman and Whedon Discuss the Rise of the Geek

    Atlanta has a showing of mirrormask for 1 week only. The artist of mirrormask also does the sandman covers.

    Movie Times: http://www.atlantamovietimes.com/movies/4798910.ph p?date=0

    - z
    http://www.cgisecurity.com/

  19. AJAX Security by mrkitty · · Score: 1 · on Better Web Apps With Ajax


    AJAX Security

  20. Oh god, not again... by Jugalator · · Score: 1 · on MS Vista Look and Feel To Go Cross-Platform

    When WPF/E becomes available, it will be in the form of an Active X control that can be embedded in applications or as browser plug-in.

    *pictures Bill Gates screaming "lalalala!" when presented with report like these*

  21. The Cross Site Scripting FAQ by mrkitty · · Score: 2, Informative · on Apache Request Smuggling Vulnerability Found


    www.cgisecurity.com/articles/xss-faq.shtml

  22. Anatomy of the Web Application Worm by mrkitty · · Score: 5, Informative · on Schneier on Attack Trends: More Complex Worms

    For those wondering about other advances/predictions in worms check out this paper I wrote a few years ago.
    http://www.cgisecurity.com/articles/worms.shtml

  23. Web Attack Security Documentation by Anonymous Coward · · Score: 0 · on Web Site Attacks Are On The Rise


    http://www.cgisecurity.com/lib/

  24. Web Security RSS Feed by Anonymous Coward · · Score: 0 · on RSS Reaches Out for New Networks


    http://www.cgisecurity.com/index.rss

  25. Speaking of google bombing by Anonymous Coward · · Score: 0 · on 'Online Poker' Googlebomb

    Bomb this Web Security news

  26. Web Application Security Links by Anonymous Coward · · Score: 0 · on Building Richly Interactive Web Apps with Ajax


    http://www.webappsec.org
    http://www.cgisecurity.com/
    What is SQL Injection?
    What is Blind SQL Injection?
    What is Cross Site Scripting?

  27. Web Application Security Links by Anonymous Coward · · Score: 0 · on Building Richly Interactive Web Apps with Ajax


    http://www.webappsec.org
    http://www.cgisecurity.com/
    What is SQL Injection?
    What is Blind SQL Injection?
    What is Cross Site Scripting?

  28. Web Application Security Links by Anonymous Coward · · Score: 0 · on Building Richly Interactive Web Apps with Ajax


    http://www.webappsec.org
    http://www.cgisecurity.com/
    What is SQL Injection?
    What is Blind SQL Injection?
    What is Cross Site Scripting?

  29. Web Application Security Links by Anonymous Coward · · Score: 0 · on Building Richly Interactive Web Apps with Ajax


    http://www.webappsec.org
    http://www.cgisecurity.com/
    What is SQL Injection?
    What is Blind SQL Injection?
    What is Cross Site Scripting?

  30. What is SQL Injection? by Anonymous Coward · · Score: 1, Informative · on More Holes Found in T-Mobile Website


    http://www.cgisecurity.com/questions/sql.shtml

  31. Cross Site Scripting FAQ by Anonymous Coward · · Score: 1, Informative · on More Holes Found in T-Mobile Website


    http://www.cgisecurity.com/articles/xss-faq.shtml

  32. Web Security Pen Testing resources by Anonymous Coward · · Score: 0 · on Free Open-Source vs. Commercial Security Tools?

    .NET Security
    Java Security
    Web Application Assessment documentation

  33. Web Security Pen Testing resources by Anonymous Coward · · Score: 0 · on Free Open-Source vs. Commercial Security Tools?

    .NET Security
    Java Security
    Web Application Assessment documentation

  34. Web Security Pen Testing resources by Anonymous Coward · · Score: 0 · on Free Open-Source vs. Commercial Security Tools?

    .NET Security
    Java Security
    Web Application Assessment documentation

  35. .NET Security resources by Anonymous Coward · · Score: 0 · on Gosling Claims Huge Security Hole in .NET


    http://www.cgisecurity.com/development/dot-net.sht ml

  36. Web Security news RSS feed by Anonymous Coward · · Score: 0 · on Filtering RSS Through Your Social Web


    Web Security RSS feed

  37. Fingerprinting Port 80 Attacks: Attack Forensics by Anonymous Coward · · Score: 0 · on Anti-Santy Worm Patches phpBB Flaw


    Here are the links to two papers describing forensic log analysis of web based attacks. Worth a look.
    Fingerprinting Port80 Attacks Part 1
    Fingerprinting Port80 Attacks Part 2

  38. Fingerprinting Port 80 Attacks: Attack Forensics by Anonymous Coward · · Score: 0 · on Anti-Santy Worm Patches phpBB Flaw


    Here are the links to two papers describing forensic log analysis of web based attacks. Worth a look.
    Fingerprinting Port80 Attacks Part 1
    Fingerprinting Port80 Attacks Part 2

  39. Cross Site Scripting FAQ: Questions and Answers by Anonymous Coward · · Score: 1, Informative · on Netcraft Releases Anti-Phishing Toolbar


    http://www.cgisecurity.com/articles/xss-faq.shtml

  40. Anatomy of the web application worm by Anonymous Coward · · Score: 0 · on Net Worm Uses Google to Spread

    Frankly I'm surprised it took this long. Here is an article I wrote about web application worms that was published 2 years ago. http://www.cgisecurity.com/articles/worms.shtml

  41. Cross Site Scripting FAQ questions and answers by Anonymous Coward · · Score: 0 · on Gmail Accounts Vulnerable to XSS Exploit


    http://www.cgisecurity.com/articles/xss-faq.shtml

  42. PSA: XSS cookie theft by whovian · · Score: 5, Informative · on Gmail Accounts Vulnerable to XSS Exploit

    Never heard of XSS until now (like me)? Here is one summary one summary of what the cookie theft looks like.

  43. Apache Security Documentation by mrkitty · · Score: 1 · on Apache 1.3.33 Released


    http://www.cgisecurity.com/webservers/apache

  44. Apache security documentation by Anonymous Coward · · Score: 1, Interesting · on Apache 1.3.32 Released


    http://www.cgisecurity.com/webservers/apache/

  45. Apache security documentation by Anonymous Coward · · Score: 3, Informative · on Apache 2.0.52 Released


    http://www.cgisecurity.com/webservers/apache/

  46. Apache security documentation by Anonymous Coward · · Score: 1, Informative · on Apache httpd 2.0.51 Released


    http://www.cgisecurity.com/webservers/apache/

  47. XSS by phug · · Score: 1 · on AOL IM 'Away' Message Security Hole Found

    Three words: Cross Site Scripting

  48. Re:Stupid Guy Asks... by key45 · · Score: 3, Informative · on Slashback: Zip, Language, Opportunism

    I'll bite:
    What is Cross Site Scripting"

  49. Secure coding documentation by Anonymous Coward · · Score: 2, Informative · on Secure Programmer: Keep an Eye on Inputs

    Java
    XML
    .NET

  50. Secure coding documentation by Anonymous Coward · · Score: 2, Informative · on Secure Programmer: Keep an Eye on Inputs

    Java
    XML
    .NET