Monday, 14 April 2008

CCC submitted a critical XSS vulnerability affecting eNom.com - the second largest domain name registrar and web hosting company.

Monday, 31 March 2008

Malicious people spread malware by exploiting XSS vulnerabilities on high profile websites. More specifically they inject an IFRAME which loads malicious content from different IP sources around the globe.

Saturday, 23 February 2008

For those who browsed our site on february 18th, you may have noticed the domain "xssed.com" (.net and .org were unaffected) redirected to a different location than the usual site. A malicious attacker managed to get access to the ENOM reseller account of our registrar (Namecheap) and changed the DNS of this domain, he could have changed the DNS of the other 59,000 domains at this registrar but (according to our information) only did it to ours to get fame, as "xssed.com" might be seen as a "special" site.

Friday, 1 February 2008

Russ McRee has written an open letter to ScanAlert's CEO Ken Leonard, respectfully demanding that they review their way of doing business with the "Hacker Safe" branding , specifically things like leaving vulnerable sites perpetually tagged as "safe".

Wednesday, 30 January 2008

Our friend Nexus from Playhack, launched XSSing.com for all things related to XSS, CSRF and web security related topics.

Tuesday, 22 January 2008

Rosario Valotta sent us an interesting article about his discovery on MySpace. It looks like MySpace has launched a mobile version of its portal, this version allows visitors to do pretty much everything, including editing your profile, however this version does absolutely the contrary than the main portal: it filters outputs (when printing the profile content), while the main portal filters inputs (when inserting/modifying profile entries).

1 2 3 4 5 6 7 8 9 10 11 12 13