A cross site scripting attack works in the following manner:

* The attacker identifies a web site that has one or more XSS bugs for example, a web site that echoes the contents of a querystring.
* The attacker crafts a special URL that includes a malformed and malicious querystring containing HTML and scripts such as JavaScript.
* The attacker finds a victim and gets the victim to click on a link that includes the malformed querystring. This could simply be a link to another web page, or a link in an HTML e-mail.
* Once the victim clicks the link, the victim’s browser makes a GET request to the vulnerable server, bypassing the malicious querystring.
* The vulnerable server echoes the malicious querystring back to the victim’s browser, and the browser executes the JavaScript embedded in the response.

Explore More

About WPA & WPA2

Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in

Read More

Dangerous IP’s – Do not scan

All the below are FBI controlled Linux servers & IPs/IP-Ranges 207.60.0.0 – 207.60.255.0 The Internet Access Company207.60.2.128 – 207.60.2.255 Abacus Technology207.60.3.0 – 207.60.3.127 Mass Electric Construction Co.207.60.3.128 – 207.60.3.255 Peabody

Read More

Several avast sites were defaces

Last month, eight sites at once well-known anti-virus solutions avast!  Were defaces: http://www.avast.co.za/ (mirror; date: 2010-01-22 15:06:28) http://awast.org/ (mirror; date: 2010-02-18 18:57:27) http://www.avast.de/ (mirror; date: 2010-02-18 18:58:01) http://shop.avast.de/ (mirror; date:

Read More