From TFA:
CTO for White Hat Security Jeremiah Grossman says the companies' whose sites are posted on the message board should immediately fix the XSS vulnerabilities and check their logs to be sure nothing got in.
Cross-site Scripting is an attack against the clients not the server. There is no way XSS can be used to compromise the web server. I would expect more from the CTO of White Hat.
Technically not true. In most places the SIPRNET runs over the same infrastructure (wires, switches, etc) that the unclassified traffic runs over. The SIPRNET traffic is just encrypted using TACLANEs, so it is essentially a classified VPN as opposed to a physically separate network. It would be theoretically possible to hack into the SIPRNET from the Internet by compromising a TACLANE.
Slashdot Mirror
From TFA: CTO for White Hat Security Jeremiah Grossman says the companies' whose sites are posted on the message board should immediately fix the XSS vulnerabilities and check their logs to be sure nothing got in. Cross-site Scripting is an attack against the clients not the server. There is no way XSS can be used to compromise the web server. I would expect more from the CTO of White Hat.
Technically not true. In most places the SIPRNET runs over the same infrastructure (wires, switches, etc) that the unclassified traffic runs over. The SIPRNET traffic is just encrypted using TACLANEs, so it is essentially a classified VPN as opposed to a physically separate network. It would be theoretically possible to hack into the SIPRNET from the Internet by compromising a TACLANE.