XSS

(get it in RSS or Atom)

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

by Paul Ducklin on February 7, 2015 | Leave a comment

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

Internet Explorer has a Cross Site Scripting zero-day bug

by Paul Ducklin on February 4, 2015 | Leave a comment

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

SSCC 166 - A sleeping bag and a camping stove to queue for an iPhone? [PODCAST]

by Paul Ducklin on September 26, 2014 | Leave a comment

For your listening pleasure!

Here's the latest episode in our weekly podcast series...

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

by Paul Ducklin on September 20, 2014 | Leave a comment

Here's this week's episode of 60 Second Security.

Enjoy the latest security news in just one minute...

eBay takes flak for leaving rigged iPhone listing up for 12 hours

by Lisa Vaas on September 19, 2014 | Leave a comment

Ebay. Image courtesy of Radu Bercan/Shutterstock.com

eBay's getting flak for its chilled response to a serious XSS attack, sprung when a user clicked on a fake listing for an Iphone 5S and was redirected to a spoofed site that was after users' login credentials.

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

by Paul Ducklin on June 14, 2014 | Leave a comment

Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke?

Find out in one minute!

Twitter jumps to block XSS worm in Tweetdeck

by Chester Wisniewski on June 11, 2014 | 1 Comment

A cross-site scripting flaw was disclosed this morning affecting the popular Twitter application Tweetdeck. It has now been fixed, but not before it wormed its way through thousands of browsers.

Yahoo pays first bug bounty - $12.50 in Company Store credit

by Lisa Vaas on October 2, 2013 | 12 Comments

$12.50 per vulnerability, only to be spent in the Yahoo Company Store, mind you, is what security researchers got for finding four XSS vulnerabilities. The security outfit, High-Tech Bridge, is understandably a bit miffed.

PayPal refuses to pay bug-finding teen

by Lisa Vaas on May 29, 2013 | 25 Comments

A 17-year-old German student says he found a bug on PayPal's site but the company won't fork over the reward money. PayPal said someone had already found the bug but they also cited an age guideline that isn't actually included in its bug bounty program guidelines.

Anatomy of an exploit - Linksys router remote password change hole

by Paul Ducklin on April 11, 2013 | 8 Comments

A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Apple password reset website - gaping hole found, fixed

by Paul Ducklin on March 23, 2013 | 6 Comments

Apple has had a good-bad-good-bad week of it in the computer security environment.

Its announcement of two-step verification for some users was quickly followed by a report of a password recovery exploit for everyone else...

"Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook

by Paul Roberts on September 12, 2012 | 3 Comments

Another rash of account takeovers on the photo-sharing site Pinterest has spilled over onto Twitter and Facebook, as spammers take advantage of linked accounts.

Apple offers iOS 5.1.1 update, fixes some serious vulnerabilities

by Paul Ducklin on May 8, 2012 | 14 Comments

Apple's latest update to iOS just came out.

Version 5.1.1 is more than just a cosmetic fix: it patches at least three security flaws, all of which should be considered serious.

25 'VeriSign Trusted' shops found to have XSS holes

by Lisa Vaas on February 28, 2012 | 1 Comment

A grey hat hacker has discovered cross-site scripting (XSS) holes in 25 UK online stores that are certified as safe by the likes of VeriSign, Visa, and MasterCard.

XSS flaw in WordPress 3.3 - How the smallest things make testing tough

by Chester Wisniewski on January 3, 2012 | Leave a comment

Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that only occurs if you ran the installation with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.

Facebook explains pornographic shock spam, hints at browser vulnerability

by Chester Wisniewski on November 16, 2011 | 29 Comments

Facebook has released a statement about the fast spreading offensive messages that have been posted to many users walls. They claim there is a browser vulnerability that allowed users to paste malicious JavaScript into their web browsers and post the offensive messages.

Weibo, China's Twitter-like service, hit by worm

by Graham Cluley on June 30, 2011 | 3 Comments

A worm which broke out on Weibo, exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.

Sony Portugal latest to fall to hackers

by Chester Wisniewski on June 9, 2011 | 2 Comments

Sony Music Portugal is the latest Sony asset to be targeted by hackers. Is there light at the end of the tunnel? Are there other Sony websites that are still flawed?

Facebook scam with a difference - Social Tagging Worldwide avoids rogue apps

by Paul Ducklin on April 11, 2011 | 9 Comments

Sick of reading about rogue apps on Facebook? Here's a Facebook scam with a difference.

A "profile viewer" scam under the name Social Tagging Worldwide tricks you via the clipboard, not via the usual rogue app.

September roundup - "90 Second News"

by Paul Ducklin on September 28, 2010 | Leave a comment

Don't just read the latest computer security news - watch it in 90 seconds! This month: when internet access chose the government; Adobe battles another zero-day; Twitter suffers XSS woes; and the Stuxnet malware keeps on making the wrong headlines. Read more…

XSS

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

SSCC 166 - A sleeping bag and a camping stove to queue for an iPhone? [PODCAST]

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

eBay takes flak for leaving rigged iPhone listing up for 12 hours

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

Twitter jumps to block XSS worm in Tweetdeck

Yahoo pays first bug bounty - $12.50 in Company Store credit

PayPal refuses to pay bug-finding teen

Anatomy of an exploit - Linksys router remote password change hole

Apple password reset website - gaping hole found, fixed

Apple offers iOS 5.1.1 update, fixes some serious vulnerabilities

25 'VeriSign Trusted' shops found to have XSS holes

XSS flaw in WordPress 3.3 - How the smallest things make testing tough

Facebook explains pornographic shock spam, hints at browser vulnerability

Sony Portugal latest to fall to hackers

September roundup - "90 Second News"

Free tools

Mobile Security for Android

Antivirus for Mac

Virus Removal Tool

UTM Home Edition

UTM Essential Firewall

Hot this week

Twitter troll fired, another suspended after Curt Schilling names and shames them

Woman reunited with stolen iPhone thanks to accidental Facebook selfie post

Facebook explains when and why it peeps at your account

The FREAK bug in TLS/SSL - what you need to know

Snapchat tells teens: Keep your clothes on!

Is this the ultimate spam fail?

Why you can't trust password strength meters

Facebook post criticizing employer lands Florida man in Abu Dhabi prison

Police may charge data centre in largest ever child abuse images bust

Old-school landline phones to protect elderly from "it's me" scammers

Tags

Categories

Archives by month

Download some free tools

Take a look at our products

Investigate the threats

XSS

Related articles