Tuesday, August 14, 2007

Scary XSS worm vid

In case you haven't noticed, there is a distinct video theme to my last few posts. There's a video I found on another site (I think it was xssnews or something like that, although it seemed to be down recently) about an XSS worm vulnerability in a messaging app called Meebo. The video shows how easy it is to exploit but does not show the actual final exploit code, in keeping with the responsible disclosure that most security experts adhere to.
http://milw0rm.com/video/watch.php?id=71
Check it out, it's pretty interesting (and scary). It's a good example of the dangers of the rich user interfaces seen in Web 2.0 apps if they are not properly secured.

1 comment:

kenzie jones said...

I can't understand anything in your blog. On the one side you load a video but on the other side you explain it does not show all the information.