Thursday, September 28, 2006

XSS Disclosure Drama

Here's a quick link recap of the ongoing drama on sla.ckers.org. Dozens and dozens of XSS issues are being disclosed in major websites, even those of security companies (Acunetix, F5, ISC2, etc.). Acunetix and F5 say, "We're not vulnerable!" A couple of security industry folk question the strategy of their response and offer their own two cents' worth of advice. The hackers strike back by identifying other XSS issues, this time with pictures of STALL0W3D!1. Acunetix says still no, must have been our honeypot.

Bottom line: Time to find and fix your XSS issues before you end up on the wall of shame, or worse.

1 comment:

Anonymous said...

Interesting to find F5 Website issue having their TrafficShield product positioned to eliminate the exact same issues.

2 cents.