25Sep2010 (UTC +8)

I guess you've all heard about this by now. If not, it's interesting in its simplicity:
http://blog.twitter.com/2010/09/all-about-onmouseover-incident.html
http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/
http://www.youtube.com/watch?v=EpG661S9u9A

Exploit goes something like this:

onMouseOver="javascript:alert('Hello World!');"\

Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 0117 15C5 F3B1 6564 59EA 6013 1308 9A66 41A2 3F9B
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
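An added example, not part of the original post: it shows why a string like the one quoted above takes effect when user text is pasted unescaped into a quoted HTML attribute, and how encoding the text on output keeps it inert. The `title` attribute, the function names and the sample input are assumptions made for illustration.

```javascript
// Constructed sample input: a closing quote followed by the handler string from the post.
const SAMPLE = `x" onMouseOver="javascript:alert('Hello World!');`;

// Before: user text is interpolated straight into a quoted attribute value.
function renderNaive(userText) {
  return `<a title="${userText}">link</a>`;
}

// Encode the characters that can end an attribute value or start markup.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// After: the same template, with the value encoded for the attribute context.
function renderEscaped(userText) {
  return `<a title="${escapeAttr(userText)}">link</a>`;
}

// Check used below: list the attribute names the first opening tag really carries.
function attributeNames(html) {
  const tag = /^<\w+((?:"[^"]*"|'[^']*'|[^>"'])*)>/.exec(html);
  if (!tag) return [];
  const names = [];
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  let m;
  while ((m = re.exec(tag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when any attribute on the tag is an on* event handler.
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith("on"));
}

console.log(attributeNames(renderNaive(SAMPLE)));   // title plus an injected handler
console.log(attributeNames(renderEscaped(SAMPLE))); // title only
```

The naive output gains a second attribute because the quote in the input ends `title` early; in the escaped output the whole input stays inside the `title` value.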

