Communication with the rootkit author does not necessarily need to be a straightforward matter. I have seen concepts of a rootkit sending data by querying DNS servers controlled by the author and piecing data together by taking the first character from the domain being looked up.
dns -> google.com
dns -> overture.com
dns -> dnsstuff.com
A password of god was just transmitted.
A very crafty kit would build up this list by first watching legitimate traffic on the network, so viewing raw traffic would not throw up any immediate red flags. Data can be hidden in many places. Just my 2 cents.
Sorry, but it's not the same thing. XSS is strictly dealing with injecting JavaScript into a page so that it will be run in a visiting user's browser. What you describe is known as RFI, Remote File Inclusion. This requires some very specific kinds of flaws in program logic to allow it to happen, while XSS can generally be found from any unfiltered content being echoed back in a web page.
Sorry, but you're being foolish for thinking that every terrorist is going to be pigeon-holed into a simple profile. If you're from the US, do you recall the Oklahoma City bombing? At that time, the worst attack on US soil, and carried out by an average white guy that would have passed right by the profile you seem to have so much faith in.
For those who don't get the joke: http://xkcd.com/303/
No, this would be like my local video store renting films such as Hostel or Saw. Bloody & violent? Yes. Illegal? No.