A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

Gmail Security Checklist, Improve Login Security

There are two to tango, and the same is true for an effective online security strategy. What does it mean? One the one side, the company offering a service needs

Read More

Hard disk data recovery – Recover from damaged disk? Wipe out the harddisk to avoid spying

Think of the time you take to copy a 1 GB file to the hard disk drive and the time taken to delete the same file. Doesn’t it take very

Read More

Web threats to surpass e-mail pests

E-mail has traditionally been the top means of attack, with messages laden with Trojan horses and other malicious programs hitting inboxes. But the balance is about to tip as cybercrooks

Read More