Thanks Hugo, I'm just about getting to grips with XSS attacks, and I'm pretty certain NLG is not vulnerable.
Andy. Hugo van der Kooij wrote: > On Thu, 28 Dec 2006, Andy Shellam (Mailing Lists) wrote: > > >> Thanks for your description below but I'm still struggling to come to >> terms with how NLG can be used to attack another site. >> Firstly, my understanding of an XSS attack is of the following: >> >> - Client requests a page (eg. www.yahoo.com) >> - Hacker strips the response packets off the wire and replaces them with >> packets that have come from (eg. www.google.co.uk) >> - Client receives www.google.co.uk as a result of hacker's actions >> > > Well if you trust site A but not site B and site B can trick your browser > into thinking that the data comes from site A instead you are exposed to > site B. > > Site A is the unwilling accomplish in this scheme and that is one thing > you have to be carefull about. > > Hugo. > > -- Andy Shellam NetServe Support Team the Mail Network "an alternative in a standardised world" p: +44 (0) 121 288 0832/0839 m: +44 (0) 7818 000834 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
