XSS is for real
Posted Apr 13, 2006 16:23 UTC (Thu) by b7j0c
Parent article: Cross-site scripting attacks
xss is definitely at the top of the security issues real users face every day, since most people spend a great deal of time surfing the web and xss exploits are so trivial to code. some things you can do as a user - run noscript for firefox. i cannot stress this enough. allow js for sites you need and trust. block all of the others. if you do not run noscript, assume your cookies have already been stolen, likely multiple times.
for content producers, prefer css to js where they provide complimentary functionality and where it is technically possible. this will also provide higher performance.
there is little point bemoaning the state of site exploits further, as most of the exploiters know what they are doing and are making money by mining data they steal.
even for technically astute users and developers, i can assure you that you will be shocked and amazed at what some of the advanced xss hackers can do.
to post comments)