TalkBack 16 of 38:
Maybe, but...
Do you REALLY know which sites are safe? Notice how he mentions injecting the code. You could still get infected by a "safe" site like ZDNet or CNN or anyone else that is "safe" if that site is vulnerable to Cross Site Scripting. Say some rookie programmer at ZDNet writes bad code in one of their pages that opens the site up to Cross Site Scripting. A hacker finds that page, and uses the XSS vulnerability to inject this utility. I've seen XSS vulnerabilities that allowed one domain to inject JavaScript into a client's SSL session with another domain. To be really safe, you need specific behavior monitoring by IE, Firefox, anti-virus, etc. The guys at SPIDynamics aren't fools. I use WebInspect on an almost daily basis, and I believe anything they say.
Posted by: adsanders@...   Posted on: 03/21/07


Easy fix  nECrO_z | 03/20/07
Now were thinking .  Intellihence | 03/20/07
Not so easy...  ridingthewind | 03/21/07
So true, everything uses JavaScript these days. You would spend half of  DonnieBoy | 03/21/07
Maybe temporarily  John Sawyer | 03/23/07
Easier than you think...  doas777 | 03/21/07
Not completely true  TripleII | 03/21/07
Speak for yourself  JDThompson | 03/21/07
Speak 4 urself, but not TO urself!  mejohnsn | 03/23/07
Not true  CobraA1 | 03/22/07
That's probably been hiddenly addressed  Boot_Agnostic | 03/21/07
Hack the Hacker ?  JackSprat_1984@... | 03/21/07
Hacker vs cracker  John Sawyer | 03/23/07
Usage is the Final Arbiter  mejohnsn | 03/23/07
Firefox w/ noscript - not that difficult  not-a-zealot | 03/21/07
Maybe, but...  adsanders@... | 03/21/07
Not particularly amazing  lfugate@... | 03/21/07
not particularily true  cfortune | 03/21/07
Repeated  TripleII | 03/21/07
?  SmudgeTheFirst | 03/21/07
javascript  shryko | 03/21/07
use it yourself to sniff vulnerabilities in your own site  cfortune | 03/21/07
Guess it's time to restrict ECMAscript...  Resuna | 03/21/07
Old news....  PhilFrisbieJr | 03/21/07
So let me see if I've got this straight...  Heatlesssun1 | 03/21/07
Curiousity... Why write these codes in the first place  Fragash | 03/21/07
use linux; be secure  milkyway8754@... | 03/21/07
Javascript is cross-platform  JDThompson | 03/21/07
Wrong site...  cmjrees | 03/22/07
Hacker Conventions????  hrwaller | 03/22/07
Terrorists?  cmjrees | 03/22/07
Hackers? Burglars? Security?!!  dcellerd@... | 03/22/07
Depends  CobraA1 | 03/22/07
Hacker Cure?  crawdad2k | 03/22/07
This is why I use NoScript (nt)  CobraA1 | 03/22/07
BTW, NoScript just updated to help prevent this (nt)  CobraA1 | 03/27/07
Re: BTW, NoScript just updated to help prevent this  bill deville | 01/16/08
One unanswered question...  Night_Bengal@... | 03/25/07
