Dell, MSN, HP, Apple, Myspace, YouTube, and many other big sites... be careful.
From slashdot...
"Dark Reading and SC Magazine covered a story about hackers posting cross-site scripting (XSS) vulnerabilies en mass on dozens of high profile websites including Dell, MSN, HP, Apple, Myspace, YouTube, MSN, Cingular, etc. The media coverage drew the hacker's attention to the publication's websites where they got a taste first-hand. On message board wall-of-shame is PC World, MacWorld, Fox News, the Independent, and ZDNet UK. "...not only did we get the "scoop" on the XSS site problems, but we also got the message loud and clear: Don't assume you're immune to XSS vulnerabilities. They're everywhere." The news comes shortly after Mitre (CVE) released statistics showing XSS has become the most popular exploit. Unfortunately new XSS attacks are growing increasingly severe and scanners are unable to find many of the issues on modern websites." -slashdot xss attacks
Firefox has the most known vulnerabilities right now, but they aren't being attacked near as often, also they have the fastest patch release time, so the fixes come before the major exploits normally. Things are getting nuts normal big sites I trust are being exploited. So I would recommend firefox, and I might avoid the large sites like myspace, youtube, and such for the next few weeks while people find ways to tighten up security a bit more. I might take my stuff down again while I check other possible exploits. Google ads was exploited once and if you can't trust google code who can you trust, I might have to begin pulling some ad sections until the browsers are fixed.
Comments (1)
WASS UP OH HOW CAN U GET ON MYSPACE AT SCHOOL??
Posted by Anonymous | November 29, 2006 2:05 PM
Posted on November 29, 2006 14:05