From The Blog

Displaying items by tag: XSS

Irony is one of those things that is not appreciated by security guys. They do not find humor in it nor do they enjoy it when someone points an ironic situation involving them out. This has to be the case for the privacy company LifeLock. A pair of security researchers (Eric Taylor and Blake Welsh) have found an interesting feature in LifeLock’s web site. The flaw allows for a cross-site scripting attack to be used to do a fair amount of damage including injecting malware.

Published in News

Twitter has a keen sense of the word irony now. Almost immediately after grabbing the highest score by the Online Trust Alliance for security and privacy they managed to get hit with a very bad XSS (Cross Site Scripting) bug that impacted their TweetDeck side of the house. To make matters worse the XSS flaw was not some 0-day exploit that hackers used, it was a fairly old one that allowed the hackers to fill the feeds of TweetDeck users with malicious scripts.

Published in News