Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross Site Scripting Discovered in Google

Posted by CmdrTaco on from the hate-when-that-happens dept.

Security Test writes "Yair Amit posted a message early this morning to The Web Security Mailing List outlining a Cross Site Scripting flaw in Google that allows an attacker to carry out Phishing Attacks."

7 of 158 comments (clear)

  1. Re:Javascript is a security problem? by joelsanda · · Score: 1, Funny

    That's right, disable js and fix the web!

    Gosh, you make it sound like the Web started as a text content medium or something!

    --
    The Luddites were ahead of their time.
  2. Re:but this was resolved three weeks ago. by @madeus · · Score: 5, Funny

    Ob-ISO International Date Format advocation ( 2005-12-01 for the win! :-)

  3. XSSholes! by digitaldc · · Score: 5, Funny

    "How common are XSS holes?"
    I had to laugh at that one.

    Only an XSShole would steal your cookies.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  4. Re:It's been fixed by Midnight+Thunder · · Score: 1, Funny

    I think proponents of mmddyyyy would love my mm:hh:ss format ;)

    --
    Jumpstart the tartan drive.
  5. Re:but this was resolved three weeks ago. by Flunitrazepam · · Score: 5, Funny

    Stardate 481.23.587 for the extra credit

    --
    1) Your analysis is based on bad assumptions so your result is way off. 2) You're a sick bastard for fucking a horse.
  6. Re:It's been fixed by Hawke666 · · Score: 2, Funny

    and the proponents of ddmmyyyy would love your ss:mm:hh format. Go ISO!

  7. Re:OT: date format by Cunk · · Score: 3, Funny

    "so why dont the US kill this stupid format?"

    It was scheduled to be phased out on 01/03/02 but, well...you can guess what happened.

    --

    I am the inventor of the hilarious refrigerator alarm.